Microarchitectural Cache Side-Channel Attacks

Bulletin ID: AMD-SB-7025 Potential Impact: N/A Severity: N/A Summary Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs.” In their paper, the researchers describe a potential side-channel vulnerability on AMD CPU...

Last-Level Cache Side-Channel Attacks

AMD ID: AMD-SB-7019 Potential Impact: N/A Severity: N/A Summary Researchers from the University of Illinois Urbana-Champaign and Tel Aviv University have published a paper titled “Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud.” The paper does not demonstrate any...

CVE-2022-23824

A flaw was found in hw. The AMD CPUs can be attacked similar to the previously known Spectre Variant 2 CVE-2017-5715. This issue affects AMD CPUs where the OS relies on IBPB to flush the return address predictor. As a result, an unprivileged attacker could use this flaw to cross the syscall and...

CVE-2018-3639

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

CVE-2017-5715

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

SUSE: Security Advisory (SUSE-SU-2015:1511-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-3620

Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of...

CVE-2018-3665

A Floating Point Unit FPU state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the "Lazy FPU Restore" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker cou...

CVE-2018-3693

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2018-1383)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2006)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-1643)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2018-1192)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2018-1214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1270)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1400)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important kernel security update: Virtuozzo ReadyKernel patch 90.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to the kernels 3.10.0-693.21.1.vz7.46.7 Virtuozzo 7.0.7 HF2, 3.10.0-693.21.1.vz7.48.2 Virtuozzo 7.0.7 HF3, 3.10.0-862.9.1.vz7.63.3 Virtuozzo 7.0.8, 3.10.0-862.11.6.vz7.64.7 Virtuozzo 7.0.8...

Security Bulletin: IBM Security Privileged Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following a fixpack for IBM Security Privileged Identity Manager in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

NewStart CGSL MAIN 5.04 : dracut Vulnerability (NS-SA-2019-0016)

The remote NewStart CGSL host, running version MAIN 5.04, has dracut packages installed that are affected by a vulnerability: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance...