295 matches found
CVE-2024-2193
The connected advisories confirm CVE-2024-2193 is a Speculative Race Condition (SRC) vulnerability tied to Spectre V1, allowing an unauthenticated attacker to disclose data via race conditions in speculative execution paths. The affected surface is the Linux kernel, with mitigations/updates relea...
GhostRace – New Data Leak Vulnerability Affects Modern CPUs
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace CVE-2024-2193, it is a variation of the transient execution CPU vulnerability known as Spectre v1 CVE-2017-5753. The approach combines speculative...
CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions
Overview A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this...
CVE-2021-47092
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...
PT-2024-41086
Name of the Vulnerable Software and Affected Versions Debian Linux affected versions not specified amd64-microcode affected versions not specified linux affected versions not specified Description The issue concerns a microcode signature verification vulnerability in AMD CPU. It affects packages...
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4665-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4665-1 advisory. Update AMD ucode to 20231030 bsc1215831: - CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attack...
[SECURITY] [DSA 5563-1] intel-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5563-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 23, 2023 https://www.debian.org/security/faq -...
RHEL 9 : kernel (RHSA-2023:7382)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7382 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: clsfw component can...
Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 CVSS score: 8.8, the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local...
CVE-2023-20592
A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity. Mitigation...
SUSE-SU-2023:3903-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero XSA-439 bsc1215474. - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests XSA-438 bsc1215145. - CVE-2023-20593: Fixed AMD Zenbleed...
SUSE-SU-2023:3902-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero XSA-439 bsc1215474. - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests XSA-438 bsc1215145. - CVE-2023-20593: Fixed AMD Zenbleed...
AlmaLinux 9 : kernel-rt (ALSA-2023:5091)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5091 advisory. - A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options...
Oracle Linux 5 : ELSA-2018-1196-1: / kernel (ELSA-2018-11961)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-11961 advisory. - Backport CVE-2017-5715 to RHCK/OL5 orabug 27787723 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
Medium: php71-pecl-imagick
Issue Overview: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. CVE-2017-1000476 The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability th...
SUSE-SU-2023:3389-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. bsc1213287...
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:3361-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3361-1 advisory. - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. bsc1213287 Tenable has extracted the...
SUSE-SU-2023:3362-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. bsc1213287...
SUSE-SU-2023:3361-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. bsc1213287...
SUSE-SU-2023:3360-1 Security update for kernel-firmware
This update for kernel-firmware fixes the following issues: - CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. bsc1213287...