Ubuntu 24.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8260-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8260-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8258-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8258-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8203-1)

"The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8203-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...

USN-8204-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8179-2 linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8177-1 linux, linux-realtime vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

Last-Level Cache Attack

AMD ID: AMD-SB-7032 Potential Impact: N/A Severity: N/A Summary Researchers from Wuhan University have provided AMD with a paper titled “ZenLeak: Practical Last-Level Cache Side-Channel Attacks on AMD Zen Processors” in which they discuss prime and probe attacks targeting the Last-Level Cache LLC...

CVE-2022-29900

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...