66 matches found
SUSE CVE-2024-46862
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
CVE-2023-28743
Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access...
PT-2023-26250 · Intel · Intel Sgx
Name of the Vulnerable Software and Affected Versions: SCONE Confidential Computing Platform versions prior to 5.8.0 Description: An issue was discovered in the SCONE Confidential Computing Platform, where the lack of pointer-alignment logic in scone dispatch and other entry functions allows a...
kernel: ASoC: Intel: avs: Fix potential buffer overflow by snprintf()
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow although it's...
K000133512: Intel platform vulnerabilities (INTEL-SA-00737) CVE-2021-39295, CVE-2021-39296, CVE-2022-29493, CVE-2022-29494, and CVE-2022-35729
Security Advisory Description CVE-2021-39295 In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid IPMI lan+ interface. CVE-2021-39296 In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control ...
CVE-2022-35729
Out of bounds read in firmware for OpenBMC in some IntelR platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access...
CVE-2022-35729
CVE-2022-35729 affects OpenBMC firmware on some Intel platforms. The issue is an out-of-bounds read in the firmware that, on affected OpenBMC/OpenBMC implementations prior to version 0.72, could allow an unauthenticated attacker to cause a denial of service over the network. The vulnerability is ...
SUSE CVE-2019-11090
Cryptographic timing conditions in the subsystem for IntelR PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; IntelR TXE 3.1.70 and 4.0.20; IntelR SPS before versions SPSE504.01.04.305.0, SPSSoC-X04.00.04.108.0, SPSSoC-A04.00.04.191.0, SPSE304.01.04.086.0,...
Intel SGX Platform Software 信息泄露漏洞
Intel SGX Platform Software is a suite of software protection extensions from Intel Corporation. A security vulnerability exists in Intel SGX Platform Software, which can be exploited by attackers to cause an information disclosure...
CVE-2020-24452
Improper input validation in the IntelR SGX Platform Software for Windows may allow an authenticated user to potentially enable a denial of service via local access...
SGX Platform Software Input Validation Error Vulnerability
Intel SGX Platform Software is a suite of software protection extensions from Intel Corporation USA. An input validation error vulnerability exists in Intel SGX Platform that could allow an authenticated user to enable denial of service via local access...
PT-2020-3964 · Intel · Intel Amt +1
Name of the Vulnerable Software and Affected Versions: IntelR AMT versions prior to 11.8.79 IntelR AMT versions prior to 11.12.79 IntelR AMT versions prior to 11.22.79 IntelR AMT versions prior to 12.0.68 IntelR AMT versions prior to 14.0.39 IntelR ISM versions prior to 11.8.79 IntelR ISM version...
HPSBHF03600 rev. 2 - Insecure Handling of BIOS and AMT Passwords
Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY A potential security vulnerability has been identified with the Intel platform code firmware included in certain Intel vPro Processor families with AMT...
Insecure Handling of BIOS and AMT Passwords in Intel Platform Sample Firmware - US
Lenovo Security Advisory: LEN-23848 Potential Impact: Information disclosure Severity: High Scope of Impact: Industry wide CVE Identifier: CVE-2017-5704 Summary Description: Platform sample firmware supplied by Intel for multiple processor familes, and incorporated by Lenovo into multiple product...
Intel® Platform Trust Technology (PTT) Update Advisory
Summary: A potential vulnerability in the Intel® PTT module in Intel® CSME firmware and Intel® TXE firmware may allow information disclosure. Intel is releasing Intel® CSME firmware and Intel® TXE firmware updates to mitigate this potential vulnerability. Vulnerability Details CVEID: CVE-2018-365...
Multiple vulnerabilities in the Intel Server Platform Services (SPS) subsystem of the Platform Controller Hub microprogramming software family, which allow attackers to enhance their privileges
The multiple vulnerabilities of the Intel Server Platform Services SPS subsystem, which are part of the Platform Controller Hub PCH microcontroller-based software family and serve as south bridges, are caused by buffer overflows. These vulnerabilities are related to deficiencies in access control...
Oracle8i Standard Edition 8.1.5 for Linux Installer Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1035/info A vulnerability exists in the installation program for Oracle 8.1.5i. The Oracle installation scripts will create a directory named /tmp/orainstall, owned by oracle:dba, mode 711. Inside of this directory it wil...
CVE-2010-2938
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure VMCS implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux RHEL 5, when an Intel platform without Extended Page Tables EPT functionality is used, accesses VMCS fields without verifying hardware support for these...
Design/Logic Flaw
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure VMCS implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux RHEL 5, when an Intel platform without Extended Page Tables EPT functionality is used, accesses VMCS fields without verifying hardware support for these...
FreeBSD mbuf本地权限提升漏洞
BUGTRAQ ID: 41577 CVE ID: CVE-2010-2693 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 mbuf是FreeBSD内核进程间通讯和联网子系统中的基础内存管理单元。网络报文和套接字缓冲区依赖于mbuf进行存储。 在复制mbuf缓冲区引用时没有正确地拷贝只读标志,如果使用sendfile2系统调用在回环接口上传输数据,就可能导致修改所传送数据的后端内存页,造成数据破坏。本地攻击者可以通过精心控制系统文件的破坏情况来利用这种数据破坏提升权限。请注意攻击者可以破坏任意可读访问的文件。 FreeBSD FreeBSD 8....