Lucene search
K

110 matches found

The Hacker News
The Hacker News
added 2022/07/13 2:22 p.m.162 views

New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs

Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue ...

6.5CVSS0.9AI score0.74041EPSS
Exploits9
RedHat Linux
RedHat Linux
added 2022/05/10 1:43 p.m.4 views

hw: cpu: intel: Intra-Mode BTI

A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 BTI where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently...

6.5CVSS6.7AI score0.00447EPSS
Exploits0References7
OSV
OSV
added 2022/04/07 8:11 a.m.14 views

SUSE-SU-2022:0765-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security...

7.8CVSS7.8AI score0.89063EPSS
Exploits114References72
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.7 views

The vulnerability of the Intra-mode BTI implementation of Intel microprogramming software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Intel microprogrammable processor’s Intra-mode BTI IMBTI implementation is related to errors in parameter processing. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

4.7CVSS6.4AI score0.00508EPSS
Exploits0References17Affected Software5
OSV
OSV
added 2022/03/23 9:41 a.m.9 views

SUSE-SU-2022:0939-1 Security update for xen

This update for xen fixes the following issues: Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues...

6.5CVSS6.8AI score0.00508EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/03/09 10:13 a.m.81 views

CVE-2022-0002

A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 BTI where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently...

6.5CVSS2.2AI score0.00447EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/03/09 12:0 a.m.13 views

SUSE: Security Advisory (SUSE-SU-2022:14905-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.3AI score0.05528EPSS
Exploits14References16
OpenVAS
OpenVAS
added 2022/03/09 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2022:0765-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.5AI score0.89063EPSS
Exploits114References65
OpenVAS
OpenVAS
added 2022/03/09 12:0 a.m.16 views

SUSE: Security Advisory (SUSE-SU-2022:0762-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.7AI score0.05528EPSS
Exploits13References17
OSV
OSV
added 2022/03/08 6:7 p.m.13 views

SUSE-SU-2022:0760-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...

7.8CVSS7.8AI score0.89063EPSS
Exploits113References63
OSV
OSV
added 2022/03/08 6:6 p.m.11 views

OPENSUSE-SU-2022:0760-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...

7.8CVSS7.7AI score0.89063EPSS
Exploits113References63
OSV
OSV
added 2022/03/08 6:6 p.m.11 views

SUSE-SU-2022:0759-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...

7.8CVSS7.8AI score0.89063EPSS
Exploits115References41
OSV
OSV
added 2022/03/08 6:5 p.m.8 views

SUSE-SU-2022:14905-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...

7.8CVSS7.5AI score0.05528EPSS
Exploits14References24
Amazon
Amazon
added 2022/03/08 12:0 a.m.120 views

Important: kernel

Issue Overview: A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or...

9CVSS7.3AI score0.67994EPSS
Exploits3
Amazon
Amazon
added 2022/03/08 12:0 a.m.58 views

Important: kernel

Issue Overview: Amazon Linux has been made aware of a potential Branch Target Injection BTI issue sometimes referred to as Spectre variant 2. This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an...

9CVSS7.8AI score0.89063EPSS
Exploits103
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2018-0153)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.7AI score0.74041EPSS
Exploits9References7
RedhatCVE
RedhatCVE
added 2021/07/20 6:54 p.m.71 views

CVE-2017-5715

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

5.6CVSS2.7AI score0.93838EPSS
Exploits13References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.55 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1002)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.6CVSS7.9AI score0.93838EPSS
Exploits13References3
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.41 views

NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0007)

The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting...

5.6CVSS7.1AI score0.93838EPSS
Exploits13References5
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.40 views

NewStart CGSL MAIN 5.04 : dracut Vulnerability (NS-SA-2019-0016)

The remote NewStart CGSL host, running version MAIN 5.04, has dracut packages installed that are affected by a vulnerability: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance...

5.6CVSS7.1AI score0.74041EPSS
Exploits9References2
Rows per page
Query Builder