Virtualisation

🔴 Critical | Source: Microsoft Security Response Center CVE-2026-48914 is a heap buffer overflow vulnerability in QEMU-KVM’s virtio-blk driver, specifically in how it handles SCSI requests. This type of flaw can potentially allow a malicious guest virtual machine to corrupt host memory, which in a cloud environment could lead to VM escape — one of the most severe hypervisor-level threats. Microsoft has published this advisory via the MSRC, indicating Azure infrastructure may be affected. ...

🟠 High | Source: Microsoft Security Response Center CVE-2026-42915 is a Denial of Service vulnerability affecting Microsoft Windows VMSwitch, a core component of Hyper-V networking used in Azure virtualisation infrastructure. The advisory has been updated to correct the CVE description and title, with no change to the underlying vulnerability details or patches. While classified as a DoS vulnerability, its presence in virtualisation switching layers means it could impact availability across hosted workloads. ...