loader-utils: Regular expression denial of service
A flaw was found in the loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update
An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control (C2) framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week. Sliver...
CVE-2022-23005 Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in...
Western Digital UFS Security Vulnerability
Western Digital UFS is an application from Western Digital. A security vulnerability exists in Western Digital UFS, which stems from the fact that an attacker may be able to disable boot functionality or revert to old boot loader code if the host boot ROM code is not implemented properly...
USN-5815-1 linux-bluefield vulnerabilities
It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater...
GSD-2023-1001527 ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1000879 ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
GSD-2023-1000405 ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
GootKit Loader is targeting organizations in the Australian healthcare industry
Summary: Gootkit, also known as Gootloader, is a type of malware known for being used in advanced persistent threat (APT) campaigns. Recently, it has been discovered to be targeting organizations in the Australian...
CVE-2021-46779
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability...
CVE-2021-46768
Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service...
Input validation
Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service...
USN-5793-3: Linux kernel vulnerabilities
It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3910) ...
USN-5791-3 linux-azure-5.4, linux-azure-fde vulnerabilities
It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater...
PT-2023-1405 · AMD · AMD Secure Encrypted Virtualization (SEV) Firmware
Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization (SEV) firmware (affected versions not specified). Description: The issue is related to insufficient input validation in the SEV firmware, which may allow an attacker to perform out-of-bounds memory reads within...
USN-5791-2: Linux kernel (Azure) vulnerabilities
It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20421) David Leadbeater...
USN-5792-2: Linux kernel vulnerabilities
Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization (SEV). A local attacker could possibly use this to cause a denial of service (host system crash). (CVE-2022-0171) It was discovered th...