EUVD-2023-51007

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-46841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature...

Fedora 40 : xen (2024-3a36322c4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. update to xen-4.18.1 rebase xen.gcc12.fixes.patch remove patches now included or superceded upstream ---- x86: Register File Data Sampling XSA-452,...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2024:1102-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1102-1 advisory. - Information exposure through microarchitectural state after transient execution from some...

ALPINE-CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

CVE-2023-46841 affects the Xen hypervisor CET Shadow Stacks feature. The issue arises when CET-SS replay of certain instructions during return handling misses the shadow-stack frame removal, creating a potential local impact on availability. Documents describe Xen’s interaction with shadow stacks...

x86: shadow stack vs exceptions from emulation stubs

ISSUE DESCRIPTION Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and...

PT-2024-13384 · Xen +2 · Xen +2

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to the interaction between the Control-flow Enforcement Technology CET and the Xen emulation. CET is a hardware feature designed to protect against Return Oriented...

August 16, 2022—KB5016693 (OS Build 20348.946) Preview

August 16, 2022—KB5016693 OS Build 20348.946 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find o...

Hybrid-Work Drives Hardware Security Strategies

Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted security strategies to better secure an evolving attack surface changed significantly by COVID. To address new challenges, hardware-assisted security is viewed as an effective and...

This Week in Security News: Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware and New Phishing Campaign Targeting Office 365 Exploits Brand Names

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how the next generation of Intel mobile processors will include malware protection built into the chip. Also, read about a new...

Intel Adds Anti-Malware Protection in Tiger Lake CPUs

Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology CET, which aims to protect against common malware attacks. CET protects against attacks on processors’ control flow, which refers to the order...