EUVD-2023-51007

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-46841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature...

Fedora 40 : xen (2024-3a36322c4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. update to xen-4.18.1 rebase xen.gcc12.fixes.patch remove patches now included or superceded upstream ---- x86: Register File Data Sampling XSA-452,...

SUSE SLED15: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2024:1102-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1102-1 advisory. - CVE-2023-28746: Register File Data Sampling bsc1221332 - CVE-2024-2193: Fixed GhostRace, a...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

CVE-2023-46841

CVE-2023-46841 affects the Xen hypervisor CET Shadow Stacks feature. The issue arises when CET-SS replay of certain instructions during return handling misses the shadow-stack frame removal, creating a potential local impact on availability. Documents describe Xen’s interaction with shadow stacks...

x86: shadow stack vs exceptions from emulation stubs

ISSUE DESCRIPTION Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and...

This Week in Security News: Intel Says ‘Tiger Lake’ Will Drown Control-Flow Malware and New Phishing Campaign Targeting Office 365 Exploits Brand Names

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how the next generation of Intel mobile processors will include malware protection built into the chip. Also, read about a new...

Intel Adds Anti-Malware Protection in Tiger Lake CPUs

Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology CET, which aims to protect against common malware attacks. CET protects against attacks on processors’ control flow, which refers to the order...