19 matches found
EUVD-2021-33448
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-50370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount bsc1225889. Other fixes: Fixed Kubevirt GPU passthrough failure bsc1245542 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount bsc1225889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount bsc1225889. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
kernel: save/restore speculative MSRs during S3 suspend/resume
A flaw was found in the Linux kernel X86 CPU Power management when resuming CPU from suspend-to-RAM. This issue could allow a local user unauthorized access to memory from the CPU...
CVE-2021-46792
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
CVE-2021-46792
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
Design/Logic Flaw
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
CVE-2021-46792
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
CVE-2022-40246
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
CVE-2022-40246
CVE-2022-40246 concerns the SbPei module and a byte-write during the PEI phase (specifically on S3 resume) that can influence subsequent boot stages. Affected component is SbPei; root cause is arbitrary one-byte write at an address during PEI, enabling mitigations bypass, disclosure of physical m...
CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
CVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers PRx. After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPa...
HPSBHF03609 rev. 3 - TPM Platform Configuration Vulnerability After S3 Resume
Potential Security Impact Information Disclosure, Denial of Service, Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: Seunghun Han, National Security Research Institute VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the...
Configuration Bypass During S3 Resume
Summary: System firmware of certain products does not completely protect platform configuration data. Description: During resume from sleep, system firmware needs to reinitialize hardware to a secured configuration. In order to protect against malware that has already compromised an OS, firmware...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:123)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The kernel did not clear sockaddrin.sinzero before returning IPv4 socket names for the getsockopt function, which could allow a local user to obtain portions of potentially sensitive memory if getsockopt is called...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:086)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS...