Important: Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update

An update for microcodectl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. The microcodectl packages provide microcode updates for Intel and AMD processors. Bug Fixes and Enhancements: microcodectl: Improper input validation in UEFI firmware CseVariableStorageSmm...

Important: Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update

An update for microcodectl is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. The microcodectl packages provide microcode updates for Intel and AMD processors. Bug Fixes and Enhancements: microcodectl: Improper input validation in UEFI firmware JIRA:RHEL-79234...

DEBIAN-CVE-2024-56721

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum1386microcode array The erratum1386microcode array requires an empty entry at the end. Otherwise x86matchcpuwithstepping will continue iterate the array after it ended. Add an empty entry to...

ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()

...

ROS-20240904-09

A firmware vulnerability in AMD processors based on the Zen2 microarchitecture is related to the memory usage after memory has been freed. Exploitation of the vulnerability could allow an attacker to track register contents while other processes are executing on the same CPU core...

hw: amd: SMM Lock Bypass

A flaw was found in hw. Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution...

Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts

Bulletin ID: AMD-SB-7024 Potential Impact: N/A Severity: N/A Summary AMD is aware of a paper titled ‘SMaCK: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts,’ published by researchers from Iowa State University and Google®. The research paper attempts to extend data-cache-sid...

Multi-vendor BIOS Security Vulnerabilities (February, 2024) - Lenovo Support US

No description provided...

Ubuntu: Security Advisory (USN-6604-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6602-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...

USN-6602-1: Linux kernel vulnerabilities

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. CVE-2023-20588 It was discovered...

KB5033429: Windows Server 2012 Security Update (December 2023)

The remote Windows host is missing security update 5033429. It is, therefore, affected by multiple vulnerabilities - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability CVE-2023-36006 - Win32k Elevation of Privilege Vulnerability CVE-2023-36011 - A division-by-zero...

AMD CPU Security Vulnerability

AMD CPUs are a family of CPUs from UltraMicroelectronics AMD. The AMD CPUs suffer from a security vulnerability that stems from insufficient protection in the System Management Mode SMM code could allow an attacker to achieve privilege escalation via local access...

kernel: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver

A reference leak flaw was found in the Linux kernel's AMD P-state unit test driver in the CPU policy access logic. A local user can trigger this issue by loading the amd-pstate-ut driver, which acquires CPU policy references via cpufreqcpuget without releasing them via cpufreqcpuput. This causes...

hw: amd: Cross-Process Information Leak

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances...

Linux kernel conditional contention vulnerability (CNVD-2023-71721)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a conditional contention vulnerability, which arises from a KVM in the Linux kernel with Secure Encrypted Virtualization SEV AMD processor...

USN-6342-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...

Ubuntu: Security Advisory (USN-6329-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6332-1: Linux kernel (Azure) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 William Zhao discovered that the Traffic Control T...

EulerOS 2.0 SP11 : kernel (EulerOS-SA-2023-2296)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode swit...