133 matches found
2019.2 IPU – TSX Asynchronous Abort Advisory
Summary: A potential security vulnerability in TSX Asynchronous Abort TAA for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-11135 Description: TSX Asynchronous Abort...
CentOS 8 : virt:rhel (CESA-2020:0279)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:0279 advisory. - hw: TSX Transaction Asynchronous Abort TAA CVE-2019-11135 Note that Nessus has not tested for this issue but has instead relied only on the application's...
Security Bulletin: Vulnerability in side channel in Intel CPUs affect IBM Cloud Pak System (CVE-2019-11135)
Summary IBM Cloud Pak System when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information. OS image for RedHat Enterprise Linux for Cloud Pak System is shipped as component for IBM Cloud Pak System. OS image for RedHat Enterprise Linux addressed vulnerability...
Oracle Linux 8 : virt:ol (ELSA-2020-0279)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0279 advisory. - cpumap: Add TAANO bit for IA32ARCHCAPABILITIES MSR CVE-2019-11135 - cpumap: Add TSXCTRL bit for IA32ARCHCAPABILITIES MSR CVE-2019-11135 - api: disallow...
Missing Linux Kernel mitigations for 'TAA - TSX Asynchronous Abort' hardware vulnerabilities (INTEL-SA-00270)
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
CVE-2019-19338
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...
CVE-2019-19338
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...
CVE-2019-19338
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is no...
Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2020-1792)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : kvm (EulerOS-SA-2020-1792)
According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor...
Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)
Summary IBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information Vulnerability Details CVEID: CVE-2019-11135 DESCRIPTION: Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX...
Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is not affected by the MDS issue MDSNO=1, the guest was to...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1342)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)
The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the...
Intel SGX and Processor Side Channel Data Leakage Vulnerabilities - Lenovo Support US
No description provided...
Moderate: Red Hat Security Advisory: qemu-kvm security and enhancement update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
hw: TSX Transaction Asynchronous Abort (TAA)
A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...
Moderate: Red Hat Security Advisory: virt:8.1 and virt-devel:8.1 security update
An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Oracle Linux 8 : kernel (ELSA-2020-0339)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0339 advisory. - x86 kvm: vmx: use MSRIA32TSXCTRL to hard-disable TSX on guest that lack it Paolo Bonzini 1781660 1779553 CVE-2019-19338 - x86 kvm: vmx: implement...
SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)
This update for xen fixes the following issues : CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host bsc1161181. CVE-2019-19579: Device quarantine for alternate pci assignment methods bsc1157888. CVE-2019-19581: findnextbit issues bsc1158003...