Release 4.2: Alibaba | AWS | Azure | GCP | HyperV | IBM | KVM | Nutanix | Oracle Cloud | Openstack | Proxmox | RedHat Openshift | VMware | Xenserver

July 03, 2026

 The operating system for Virtual Scanner cannot be upgraded. You need to replace the scanner image or deploy a new scanner with the latest image, although this may not always be necessary. For details on when scanner replacement is necessary, refer to the Know when scanner replacement is needed section. 

What's New?

This release brings new features and updates to data centers and desktop platforms. 

qVSA-4.2 supports both EFI and BIOS boot modes

New Features

With this release, we have introduced new features for:

Alibaba

Supports both UEFI and BIOS boot modes.

AWS

Supports both UEFI and BIOS boot modes, with UEFI as the default for all instance types that support it.

Azure

Supports both UEFI and BIOS boot modes.

GCP

Support of Shielded VM capabilities such as Secure Boot, vTPM (for Measured Boot), and Integrity Monitoring.

HyperV 

Supports both UEFI and BIOS boot modes. UEFI is the default boot mode.

IBM 

Supports both UEFI and BIOS boot modes.

KVM

Supports both UEFI and BIOS boot modes.

Nutanix

Supports both UEFI and BIOS boot modes.

OpenStack

Supports both UEFI and BIOS boot modes.

Oracle Cloud

Supports both UEFI and BIOS boot modes.

Proxmox

Supports both UEFI and BIOS boot modes.

RedHat OpenShift

Supports both UEFI and BIOS boot modes.

Vmware

Supports both UEFI and BIOS boot modes.

Xenserver 

Supports both UEFI and BIOS boot modes.

Limitations

Currently, we are not supporting SCAP scanning (applies to all platforms).

Alibaba

Secure Boot and vTPM are not yet supported.

AWS

Secure Boot and vTPM are not yet supported.

Azure

  • Secure Boot and vTPM are not yet supported.
  • No support for security type: Confidential VMs.
  • No support for security feature: Integrity Monitoring.
  • New version is Gen2 based, refer to https://aka.ms/azuregen2vm for supported VM sizes.

HyperV 

Secure Boot and vTPM are not yet supported.

IBM

Secure Boot and vTPM are not yet supported.

KVM

Secure Boot and vTPM are not yet supported.

Nutanix 

Secure Boot and vTPM are not yet supported.

OpenStack

Secure Boot and vTPM are not yet supported.

Oracle Cloud

  • No support for Confidential VM.
  • Secure Boot and vTPM are not yet supported.

Proxmox

Secure Boot and vTPM are not yet supported.

RedHat OpenShift

  • SecureBoot is not yet supported.
  • QEMU guest agent is not included in the qVSA-4.2 image.

Vmware 

Secure Boot and vTPM are not yet supported.

Xenserver

Secure Boot and vTPM are not yet supported.

Issues Addressed

Component Issue

Security Fixes

Earlier versions of qVSA were affected by CVE-2026-43284, a vulnerability in the Linux kernel XFRM/ESP (Encapsulating Security Payload) subsystem. In specific ESP-in-UDP scenarios, ESP input processing could perform in-place decryption on shared socket buffer (skb) fragments, potentially resulting in memory corruption and impacting system stability and security.
This release of qVSA-4.2 resolves the issue by updating the Oracle UEK7 kernel package to:
kernel-uek-5.15.0-320.202.8.3.el8uek.x86_64.rpm

The updated kernel ensures correct handling of skb fragments during ESP processing, eliminating the vulnerability.

References:

This issue has been fixed for all platforms.

Scan Capacity Correction

Fixed an issue where scan capacity was incorrectly calculated, resulting in a higher-than-expected reported capacity.