Exploiting Inaccurate Branch History in Side-Channel Attacks

Modern out-of-order CPUs heavily rely on speculative execution for performance optimization, with branch prediction serving as a cornerstone to minimize stalls and maximize efficiency. Whenever shared branch prediction resources lack proper isolation and sanitization methods, they may originate...

Privilege Desynchronization: Cross-Privilege Spectre Attacks with Branch Privilege Injection

AMD ID: AMD-SB-7030 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have provided AMD with a paper titled “Privilege Desynchronization: Cross-Privilege Spectre Attacks with Branch Privilege Injection.” AMD reviewed the paper and believes that this vulnerability does not...

Linux Distros Unpatched Vulnerability : CVE-2024-2201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel...

CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

CVE-2024-2201 CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

Spectre V2 Mitigation Bypass on Linux®

AMD ID: AMD-SB-7018 Potential Impact: N/A Severity: N/A Summary An external researcher has shared a paper with AMD titled “InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2.” AMD is not aware of any impact to AMD products. No customer action is required...

PT-2007-6681 · Digium · Asterisk Zaptel

Name of the Vulnerable Software and Affected Versions: Asterisk Zaptel version 1.4.5.1 Description: The issue is related to a buffer overflow in the sethdlc.c file, potentially allowing local users to gain privileges via a long device name in the ifr name field. However, the vendor disputes this,...

CVE-2006-1542

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath...