PT-2022-36489 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to an alignment problem in the bpf_prog_test_run_skb function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-36552 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.300 Description: The issue is related to an alignment problem in the bpf_prog_test_run_skb function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-36316 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.156 Description: The issue is related to an alignment problem in the bpf_prog_test_run_skb function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-36180 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.80 Description: The issue is related to an alignment problem in the bpf_prog_test_run_skb function. It was introduced in version v4.12 and fixed in version v5.15.80. The actual impact and attack plausibili...
PT-2022-36020 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v4.12 through v6.0.9 Description: The issue is related to an alignment problem in the bpf_prog_test_run_skb function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
SUSE-SU-2022:3942-2 Security update for glibc
This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_timedwait (bsc#1196852) - Recognize ppc64p7 arch to build for power7...
kubernetes security update
kubernetes 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162 1.21.14-2 - Fixed kubernetes-cni version. 1.21.14-1 - Addresses CVE-2022-3172 olcne 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...
Mimalloc Can Allocate Memory with Bad Alignment
This crate depended on a promise regarding alignments made by the author of the mimalloc allocator to avoid using aligned allocation functions where possible for performance reasons. Since then, the mimalloc allocator's logic changed, making it break this promise. This caused this crate to return...
PT-2022-37433 · Mimalloc · Mimalloc
Name of the Vulnerable Software and Affected Versions: mimalloc affected versions not specified Description: The issue arises from a change in the mimalloc allocator's logic, which broke a promise regarding alignments. This change caused the crate to return memory with incorrect alignment for...
kernel: ext4: fix bug_on ext4_mb_use_inode_pa
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/mballoc.c:3211! ... RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f ... Cal...
SUSE-SU-2022:3942-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) - x86: fix stack alignment in pthread_cond_timedwait (bsc#1196852) - Recognize ppc64p7 arch to build for power7...
New Report on IoT Security
The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries--the US, the UK, Australia, and Singapore--to secur...
Unbreakable Enterprise kernel security update
5.4.17-2136.311.6 - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' Sherry Yang Orabug: 34535896 5.4.17-2136.311.5 - netfilter: nf_tables: do not allow RULE_ID to refer to another chain Thadeu Lima de Souza Cascardo Orabug: 34495567 CVE-2022-2586 - netfilter: nf_table...
PT-2022-33516 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.10 through v5.19.1 Description: The issue concerns the alignment for DMA safety in the mpu6050 driver. It was introduced in version v5.10 and fixed in version v5.19.2. The actual impact and attack plausibility have no...
Ubuntu: Security Advisory (USN-162-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Building Cybersecurity KPIs for Business Leaders and Stakeholders
In the final part of our “Hackers 're Gonna Hack” series, we’re discussing how to bring parts one and two of operationalising cybersecurity together into an overall strategy for your organisation, measured by key performance indicators (KPIs). In part one, we spoke about the problem, which...
GSD-2022-1004867 ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.289 by commit...
java-11-openjdk security, bug fix, and enhancement update
1:11.0.16.0.8-1.0.1 - link atomic for ix86 build 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8284920 patch now upstreamed - Print release file during build, which should now...
UBUNTU-CVE-2022-2226
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an...
GHSA-PMCV-MGCF-RVXG Non-aligned u32 read in Chacha20 encryption and decryption
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::from_raw_parts_mut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...