61 matches found
SUSE CVE-2025-38560
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to tou...
CVE-2025-38560
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to tou...
CVE-2025-38560 x86/sev: Evict cache lines during SNP memory validation
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to tou...
CVE-2025-38560
CVE-2025-38560 relates to the Linux kernel x86/sev SNP memory validation. The vulnerability requires a cache-line eviction mitigation when memory is validated after changing a page state to private. The documented mitigation is to touch the first and last byte of each 4K page being validated. If ...
CVE-2025-27097
GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with...
CVE-2025-27097
Affected software: GraphQL Mesh (a GraphQL Federation framework/gateway). The issue stems from the LRU-based cache for DocumentNode used during transforms, causing the initial set of variables to be reused across subsequent requests with different variables. As a result, if tokens are supplied vi...
SUSE CVE-2024-36923
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2024-27213
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when an iget fails due to the inability to retrieve information from the server, resulting in a partially initialized inode structure. Upon eviction, references are made...
PT-2024-41505
Name of the Vulnerable Software and Affected Versions: linux in Debian Linux affected versions not specified Description: The vulnerability involves evicting cache lines during Secure Nested Paging SNP memory validation in x86 systems. This issue affects Debian Linux. Recommendations: At the...
PT-2023-36348 · Unknown · Graphql Mesh
Name of the Vulnerable Software and Affected Versions: GraphQL Mesh affected versions not specified Description: GraphQL Mesh is a framework and gateway for GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, and databases. When a user transforms on the root level or...
Race Condition
org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from exceedingly rare race condition in the application which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...
OpenSearch issue with fine-grained access control during extremely rare race conditions
Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...
UBUNTU-CVE-2023-31141
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...
CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions
OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...
CVE-2023-31141
OpenSearch vulnerability CVE-2023-31141 involves race-condition on access-control rules (document-level/field-level security and field masking) where queries may bypass correct authorization under extremely rare timing with concurrent requests and query-cache eviction. Affected are OpenSearch rel...
hw: L1D Cache Eviction Sampling
A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...
RHEL 7 : microcode_ctl (RHSA-2021:3317)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3317 advisory. hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache Eviction Sampling CVE-2020-0549 hw: Special Register Buffer Data Sampling SRBD...
RHEL 7 : microcode_ctl (RHSA-2021:3255)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3255 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543...
RHEL 8 : microcode_ctl (RHSA-2021:3176)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3176 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Vector Register Data Sampling CVE-2020-0548 hw: L1D Cache...
RHEL 7 : microcode_ctl (RHSA-2021:3029)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3029 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543...