128 matches found
kernel: speculation on incompletely validated data on IBM Power9
A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. The attack has limited access to memory and is only able to access memory normally permissible to the execution context. The highest threat...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RLSA-2022:1988 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: fget: check that the fd still exists after getting a ref to it CVE-2021-4083 kernel: avoid cyclic entity chains due to malformed USB descriptors CVE-2020-0404 kernel: speculation on...
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
IBM OPENBMC OP910 Information Disclosure Vulnerability
IBM OPENBMC OP910 is a POWER8 and POWER9 emulator from International Business Machines Corporation IBM.IBM OPENBMC OP920, OP930 and OP940 have a security vulnerability that could be exploited by an unauthenticated attacker to gain access to sensitive information...
Security Bulletin: This Power System update is being released to address CVE 2018-1992
Summary POWER9: In response to a buffer overflow vulnerability on the boot loader, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2018-1992. Vulnerability Details CVEID: CVE-2018-1992 DESCRIPTION: The IBM POWER9 boot firmware'...
Security Bulletin: This Power System update is being released to address CVE-2018-5391
Summary POWER9: In response to a denial of service vulnerability, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5391. A remote attacker could use large IP frames to trigger time and calculation expensive calls in the...
Security Bulletin: This Power System update is being released to address CVE 2019-6260
Summary POWER8/POWER9: In response to a security issue with BMC's physical address space, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2019-6260. Vulnerability Details CVEID: CVE 2019-6260 DESCRIPTION: The ASPEED AST2400 and...
glibc security update
2.28-164.0.1 - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for...
Advisory ROSA-SA-2021-1838
Software: gcc 4.8.5 OS: Cobalt 7.9 CVE-ID: CVE-2018-12886 CVE-Crit: HIGH CVE-DESC: stackprotectprologue in cfgexpand.c and stackprotectepilogue in function.c in GNU Compiler Collection GCC 4.1 through 8 under certain circumstances generate sequences of instructions when targeting ARM targets that...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9308)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9308 advisory. - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860493 CVE-2021-31916 - powerpc/64s: flush L1D after user accesses...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9305)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9305 advisory. - dm ioctl: fix out of bounds array access when no devices Mikulas Patocka Orabug: 32860493 CVE-2021-31916 - powerpc/64s: flush L1D after user accesses...
SUSE: Security Advisory (SUSE-SU-2020:3713-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
glibc security update
2.28-151.0.1.el84 - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag ...
CVE-2021-20487
IBM Power9 Self Boot EngineSBE could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process...
CVE-2021-20487
IBM Power9 Self Boot EngineSBE could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process...
Code injection
IBM Power9 Self Boot EngineSBE could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process...
CVE-2021-20487
CVE-2021-20487 affects IBM Power9 Self Boot Engine (SBE). The SBE vulnerability could let a privileged user inject malicious code and compromise the integrity of the host firmware by bypassing the host firmware signature verification process. Affects IBM Power Systems with Power9 SBE, with remedi...
CVE-2021-20487
IBM Power9 Self Boot EngineSBE could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process...
IBM Power9 Self Boot Engine (SBE) Data Forgery Issue Vulnerability
The IBM Power9 Self Boot Engine is a chip from the American company IBM. A security vulnerability exists in the IBM Power9 Self Boot Engine SBE that could allow a user with appropriate privileges to inject malicious code and compromise the integrity of the host firmware through the host firmware...