3rd Gen AMD Ryzen™ Threadripper™ Processors Security Vulnerabilities

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kots, datadog-agent, tigera-operator, kubernetes-dashboard, metacontroller, flux-notification-controller, pulumi-language-yaml, boring-registry, tekton-pipelines, prometheus-nats-exporter, grpc-health-probe, fuse-overlayfs-snapshotter, kuberay-operator,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, gitlab-logger, dynamic-localpv-provisioner, spark-operator, goreleaser, nri-rabbitmq, bom, k8sgpt, rclone, neuvector-scanner,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: smarter-device-manager, scorecard, slsa-verifier, gobuster, influx, ip-masq-agent, sops, ctop, sbom-scorecard, metrics-server, cass-operator, configmap-reload, wait-for-port, aactl, k3d, go-md2man, gosu, local-path-provisioner, mage, petname, prometheus-bind-exporter,....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kots, datadog-agent, tigera-operator, kubernetes-dashboard, metacontroller, flux-notification-controller, pulumi-language-yaml, boring-registry, tekton-pipelines, prometheus-nats-exporter, grpc-health-probe, fuse-overlayfs-snapshotter, kuberay-operator,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, gitlab-logger, dynamic-localpv-provisioner, spark-operator, goreleaser, nri-rabbitmq, bom, k8sgpt, rclone, neuvector-scanner,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: smarter-device-manager, scorecard, slsa-verifier, gobuster, influx, ip-masq-agent, sops, ctop, sbom-scorecard, metrics-server, cass-operator, configmap-reload, wait-for-port, aactl, k3d, go-md2man, gosu, local-path-provisioner, mage, petname, prometheus-bind-exporter,....

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: smarter-device-manager, scorecard, slsa-verifier, gobuster, influx, ip-masq-agent, sops, ctop, sbom-scorecard, metrics-server, cass-operator, configmap-reload, wait-for-port, aactl, k3d, go-md2man, gosu, local-path-provisioner, mage, petname, prometheus-bind-exporter,....

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: smarter-device-manager, scorecard, slsa-verifier, gobuster, influx, ip-masq-agent, sops, ctop, sbom-scorecard, metrics-server, cass-operator, configmap-reload, wait-for-port, aactl, k3d, go-md2man, gosu, local-path-provisioner, mage, petname, prometheus-bind-exporter,....

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: tigera-operator, datadog-agent, dataplaneapi, kubernetes-dashboard, cluster-api-controller, vexctl, pulumi-language-yaml, nri-couchbase, gobuster, s5cmd, fuse-overlayfs-snapshotter, kuberay-operator, kubernetes-csi-node-driver-registrar, prometheus-alertmanager,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, tekton-pipelines, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, docker, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, dynamic-localpv-provisioner, cilium, goreleaser, spark-operator, k8sgpt,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, tekton-pipelines, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, docker, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, dynamic-localpv-provisioner, cilium, goreleaser, spark-operator, k8sgpt,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, tekton-pipelines, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...

CVE-2023-52663

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak......

CVE-2023-52678

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below:...

CVE-2023-52673

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. Mitigation...

CVE-2023-52671

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being...

CVE-2023-52691

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the contr...

CVE-2023-52695

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback connectors. Mitigation...

CVE-2024-35799

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why] Disabling stream encoder invokes a function that no longer exists. [How] Check if the function declaration is NULL in disable stream encoder. Mitigation...

CVE-2023-52657

In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This causes hangs on SI when DC is enabled and errors on driver reboot and power off cycles. Mitigation...

CVE-2024-35788

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix bounds check for dcn35 DcfClocks [Why] NumFclkLevelsEnabled is used for DcfClocks bounds check instead of designated NumDcfClkLevelsEnabled. That can cause array index out-of-bounds access. [How] Use...

CVE-2024-25742

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD...

CVE-2024-25742

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD...

CVE-2024-25742

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD...

CVE-2024-25743

In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD...

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0...