227 matches found
RHEL 9 : linux-firmware (RHSA-2024:0433)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0433 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw amd: Return Address...
Rocky Linux 8 : kernel-rt (RLSA-2024:0134)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0134 advisory. - A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative...
amd: Return Address Predictor vulnerability leading to information disclosure
A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure...
RHEL 8 : kernel-rt (RHSA-2024:0134)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0134 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
RHEL 8 : kernel (RHSA-2024:0113)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0113 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use after free in...
CVE-2023-34328
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34328
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
Design/Logic Flaw
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34328
CVE-2023-34328 relates to Xen where a PV vCPU can place a breakpoint over the live GDT, potentially locking up the CPU. This is described in the CNA as a Xen/AMD x86 debugging state handling issue that can lead to a denial of service. The entry references XSA-156 and CVE-2015-8104 as related cont...
CVE-2023-34328
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327 x86/AMD: Debug Mask handling
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
CVE-2023-34327
CVE-2023-34327 and CVE-2023-34328 describe Xen handling flaws in AMD x86 debugging extensions where an HVM vCPU can run under a previous vCPU’s debug mask state or a PV vCPU can place breakpoints on a live GDT. This can cause denial of service and CPU lockups. Root cause: errors in Xen’s guest-st...
Oracle Linux 9 : kernel (ELSA-2023-7749)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7749 advisory. - x86/retpoline: Document some thunk handling aspects Borislav Petkov CVE-2023-20569 - objtool: Fix return thunk patching in retpolines Josh Poimboeuf...
CentOS 7 : linux-firmware (RHSA-2023:7513)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7513 advisory. - A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative...
RHEL 7 : linux-firmware (RHSA-2023:7782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7782 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw amd: Retur...
CVE-2020-12965
A flaw was found in AMD CPUs. When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits, potentially resulting in data leakage...
SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new...
Memory Integrity Loss
amd64-microcode AMD CPU microcode patches is vulnerable to Memory Integrity Loss. The vulnerability is caused due to Improper or Unexpected behavior of the INVD instruction in some AMD CPUs. It can allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU...