Rocky Linux 8 : kernel (RLSA-2022:7110)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7110 advisory. - A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5728-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5728-1 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading t...

CVE-2022-23824

A flaw was found in hw. The AMD CPUs can be attacked similar to the previously known Spectre Variant 2 CVE-2017-5715. This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and...

New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide

An updated version of a malware loader codenamed IceXLoader is suspected of having compromised thousands of personal and enterprise Windows machines across the world. IceXLoader is a commodity malware that's sold for $118 on underground forums for a lifetime license. It's chiefly employed to...

IBPB and Return Stack Buffer Interactions

Bulletin ID: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 previously known as Spectre Variant 2 attacks...

Xenstore: Guests can create arbitrary number of nodes via transactions

ISSUE DESCRIPTION In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been...

Xenstore: Guests can crash xenstored via exhausting the stack

ISSUE DESCRIPTION Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore nodes. With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. IMPACT A malicious guest creating very deep nesting...

Xenstore: Guests can crash xenstored

ISSUE DESCRIPTION Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the...

AlmaLinux 8 : kernel-rt (ALSA-2022:7134)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7134 advisory. - A kernel information leak flaw was identified in the scsiioctl function in drivers/scsi/scsiioctl.c in the Linux kernel. This flaw allows a local attack...

Oracle Linux 8 : kernel (ELSA-2022-7110)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7110 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - intelidle: Fix false positive RCU splats due to incorrect hardirqs state Waiman Long 2103167...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-037)

The version of kernel installed on the remote host is prior to 5.4.217-126.408. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-037 advisory. - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and iouring. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-2602 A flaw was found in hw. The unprotected alternative channel of return bran...

New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts

A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions .NetCore, the latest version PHP also aims to...

Amazon Linux AMI : kernel (ALAS-2022-1636)

The version of kernel installed on the remote host is prior to 4.14.294-150.533. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1636 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the w...

SparklingGoblin Revamps SideWalk Backdoor for Linux Variant

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SparklingGoblin aka Earth Baku State-backed Chinese hackers has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin Threat actors typically target East and Southeast Asian countries, wit...

PT-2022-23118 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when RaggedTensorToVariant is given a rt nested splits list...

Amazon Linux 2 : kernel, --advisory ALAS2-2022-1838 (ALAS-2022-1838)

The version of kernel installed on the remote host is prior to 4.14.291-218.527. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1838 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the...

SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state...

Mirai botnet resurfaces with MooBot variant to target D-Link devices

By Deeba Ahmed The botnet is exploiting four different vulnerabilities in D-Link devices. This is a post from HackRead.com Read the original post: Mirai botnet resurfaces with MooBot variant to target D-Link devices...

Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-125)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory. A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-2990...