VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12151)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12151 advisory. 5.4.17-2136.328.3 - IB/cm: Cancel mad on the DREQ event when the state is MRAREPRCVD Mark Zhang Orabug: 36143228 - KSPLICE: make sure the stack is...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2383)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read a...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5728-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5728-1 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading t...

Oracle Linux 8 : kernel (ELSA-2022-7110)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7110 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - intelidle: Fix false positive RCU splats due to incorrect hardirqs state Waiman Long 2103167...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9709)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9709 advisory. - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - arm64: proton-pack: provide...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9710 advisory. - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - arm64: proton-pack: provide...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a rout...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2549-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2549-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2478-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2478-1 advisory. - The usbserialconsoledisconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denia...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2377-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...

CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

Design/Logic Flaw

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

CVE-2022-29901 Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

The vulnerability of Intel microprocessor microprogramming software, which arises due to insufficient testing of input data, allows a hacker to trigger a service failure.

The vulnerability of Intel microprocessor microprogramming software exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system...

The vulnerability of Intel microprocessor microprogramming software arises from synchronization errors when using shared resources, allowing attackers to disclose protected information.

The vulnerability of Intel microprogramming software arises from synchronization errors when using a common resource. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...

The vulnerability of Intel microprocessor microprogramming software, caused by buffer overflows, allows attackers to increase their privileges or cause system failures.

The vulnerability of Intel microprogramming software arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to enhance their privileges or cause system failures...