110 matches found
New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks. Dubbed Retbleed by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue ...
hw: cpu: intel: Intra-Mode BTI
A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 BTI where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently...
SUSE-SU-2022:0765-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security...
The vulnerability of the Intra-mode BTI implementation of Intel microprogramming software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Intel microprogrammable processor’s Intra-mode BTI IMBTI implementation is related to errors in parameter processing. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
SUSE-SU-2022:0939-1 Security update for xen
This update for xen fixes the following issues: Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues...
CVE-2022-0002
A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 BTI where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently...
SUSE: Security Advisory (SUSE-SU-2022:14905-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:0765-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:0762-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:0760-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...
OPENSUSE-SU-2022:0760-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...
SUSE-SU-2022:0759-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...
SUSE-SU-2022:14905-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer BHB, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs...
Important: kernel
Issue Overview: A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or...
Important: kernel
Issue Overview: Amazon Linux has been made aware of a potential Branch Target Injection BTI issue sometimes referred to as Spectre variant 2. This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an...
Mageia: Security Advisory (MGASA-2018-0153)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-5715
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1002)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0007)
The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting...
NewStart CGSL MAIN 5.04 : dracut Vulnerability (NS-SA-2019-0016)
The remote NewStart CGSL host, running version MAIN 5.04, has dracut packages installed that are affected by a vulnerability: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance...