117 matches found
GSD-2022-1006208 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...
GSD-2022-1006098 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.256 by commit...
GSD-2022-1005954 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.211 by commit...
GSD-2022-1005767 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.138 by commit...
GSD-2022-1005470 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...
GSD-2022-1005079 mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...
glibc security and bug fix update
2.17-322.0.2 - merge RH el7 u9 errata patches with Oracle patches Review-exception: Simple merge - merge RH el7 u9 patches with Oracle patches Review-exception: Simple merge - Four patches to match 3rd patch bundle from Marvell - modify MIPS values in elf/elf.h - add sysdeps/aarch64/sys/ifunc.h -...
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS) makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
...
Das U-Boot verified boot bypass
Summary An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot’s verified boot and execute an unsigned kernel, embedded in...
CUJO Smart Firewall mdnscap mDNS record parsing code execution vulnerability
Summary An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated...
CUJO Smart Firewall mdnscap mDNS character-strings code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap...
The vulnerability in the implementation of the TLS protocol for Cavium Nitrox SSL, Nitrox V SSL, Octeon SSL, and TurboSSL development tools allows a hacker to disclose sensitive information that should be protected.
The vulnerability of the TLS Transport Layer Security implementation in Cavium Nitrox SSL, Nitrox V SSL, Octeon SSL, and TurboSSL development kits is related to errors in the TLS standard’s implementation. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
CVE-2015-5738
The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack...
Design/Logic Flaw
The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack...
CVE-2015-5738
The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack...
CVE-2015-5738
The RSA-CRT implementation in the Cavium Software Development Kit SDK 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy PFS, makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack...
CVE-2015-5738
The CVE-2015-5738 issue concerns the Cavium SDK 2.x RSA-CRT implementation used on OCTEON II CN6xxx hardware under Linux to support TLS with PFS. A Lenstra fault-side channel attack could allow remote attackers to obtain private RSA keys. Connected advisories indicate mitigations exist in vendor/...