Moderate: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: amd: Cross-Process Information Leak CVE-2023-20593 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

RHEL 9 : linux-firmware (RHSA-2023:5068)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5068 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: amd: Cross-Process...

hw: amd: Cross-Process Information Leak

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances...

hw: amd: Cross-Process Information Leak

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances...

hw: amd: Cross-Process Information Leak

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

hw: amd: Cross-Process Information Leak

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances...

hw: amd: Cross-Process Information Leak

A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances...

Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know

Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors...

SUSE CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

SUSE CVE-2019-3016

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD...

USN-5824-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

RHEL 8 : kpatch-patch (RHSA-2020:3073)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3073 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

RHEL 8 : kpatch-patch (RHSA-2020:3297)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3297 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

CVE-2022-22750

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.This bug only affects Firefox for Windows and MacOS. Other operating...

USN-5782-1: Firefox vulnerabilities

It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. CVE-2022-46871 Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker coul...

The vulnerability of the XPC service implementation in the Mac OS X operating system allows a perpetrator to bypass the authentication process.

The vulnerability of the XPC service implementation in the Mac OS X operating system is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass authentication procedures and gain administrator privileges...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...