89 matches found
Oracle Linux 8 : kernel (ELSA-2022-7683)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7683 advisory. - x86/speculation: Add LFENCE to RSB fill sequence Waiman Long 2115080 CVE-2022-26373 - x86/speculation: Add RSB VM Exit protections Waiman Long 211508...
RHEL 8 : kernel (RHSA-2022:7683)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7683 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: off-path attacker may inject data or...
Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB
Hello everyone! Lets take a look at Microsofts September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays as usual, they were in Microsoft Edge, the final number is 90...
KB5017328: Windows 11 Security Update (September 2022)
The remote Windows host is missing security update 5017328. It is, therefore, affected by multiple vulnerabilities - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the...
Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-039)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-039 advisory. Amazon Linux has been made aware of a potential Branch Target Injection BTI issue sometimes referred to as Spectre variant 2. This is a known cross-domain transient execution attack where a thi...
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2022-2110)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In aiopollcompletework of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalati...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1969)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Insufficient control flow management for the IntelR 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enabl...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-023 (ALASKERNEL-5.4-2022-023)
The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Lin...
OESA-2022-1631 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the systemCVE-2022-1205 A flaw was...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9274)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9274 advisory. - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address Paolo Bonzini Orabug: 34053807 CVE-2022-1158 - netfilter: nftables: initialize...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9273)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9273 advisory. - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address Paolo Bonzini Orabug: 34053807 CVE-2022-1158 - netfilter: nftables: initialize...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9245)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9245 advisory. - lib/ioviter: initialize 'flags' in new pipebuffer Max Kellermann Orabug: 33942325 CVE-2022-0847 - arm64: Use the clearbhb instruction in...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9244)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9244 advisory. - lib/ioviter: initialize 'flags' in new pipebuffer Max Kellermann Orabug: 33942325 CVE-2022-0847 - arm64: Use the clearbhb instruction in...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.28 and fixes at least the following security issues: Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...
CVE-2022-23960
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...
CVE-2022-23960
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...
Design/Logic Flaw
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...
CVE-2022-23960
CVE-2022-23960 affects Arm Cortex and Neoverse processors. It is a Spectre-BHB side-channel issue where shared branch history in the Branch History Buffer can influence mispredicted branches, enabling potential information disclosure through cache allocation. Documents note mitigations include de...
CVE-2022-23960
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...