K41043270: Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089

Security Advisory Description CVE-2021-0086 Observable response discrepancy in floating-point operations for some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-0089 Observable response discrepancy in some IntelR Processors m...

K34425791: Intel processor vulnerabilities CVE-2019-0151, CVE-2019-0152

Security Advisory Description CVE-2019-0151 Insufficient memory protection in IntelR TXT for certain IntelR Core Processors and IntelR XeonR Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2019-0152 Insufficient memory protection in Syste...

K59395527: Intel processor vulnerability CVE-2021-33150

Security Advisory Description Hardware allows activation of test or debug logic at runtime for some IntelR Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVE-2021-33150 Impact There is no impact; F5 products are not...

K11601010: Intel Processor vulnerability CVE-2021-33149

Security Advisory Description Observable behavioral discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-33149 Impact This vulnerability may allow an authorized user to potentially enable information disclosure...

K90305959: Intel processor diagnostic tool vulnerability CVE-2019-11133

Security Advisory Description Improper access control in the IntelR Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. CVE-2019-11133 Impact There is no...

K49711130: OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407

Security Advisory Description Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention.' CVE-2018-5407 also known as PortSmash Impact The vulnerability allows an attacker who can...

SUSE CVE-2016-2271

VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service guest crash via vectors related to a non-canonical RIP...

SUSE CVE-2019-0169

Heap overflow in subsystem in IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; IntelR TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access...

hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some IntelR processors may potentially allow an authorized user to enable information disclosure via local access...

kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86emulateinsn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU...

CVE-2022-26006

CVE-2022-26006 describes an vulnerability in the BIOS firmware for some Intel processors caused by improper input validation, which could allow a privileged user to escalate privileges via local access. The issue is documented by Intel under INTEL-SA-00688 and is reflected in Nessus/F5 advisories...

hw: cpu: Intel: information disclosure via local access

A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some IntelR Processors may allow an authorized user to enable information disclosure via local access...

F5 Networks BIG-IP : Intel Processor vulnerability (K11601010)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K11601010 advisory. - Observable behavioral discrepancy in some IntelR Processors may allow an authorized user to potentially enable...

USN-5677-1 linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5667-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5667-1 advisory. Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading t...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3282-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3282-1 advisory. - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment...

Ubuntu: Security Advisory (USN-5484-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-26373

CVE-2022-26373 concerns Intel processors where non-transparent sharing of return-predictor targets between contexts may allow an authorized local user to disclose information. The provided documents describe this issue as a local-information-disclosure risk but do not specify a vendor patch/versi...

Intel CPU Information Disclosure Vulnerability (INTEL-SA-00330)

The Intel CPU on the remote host might be prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9590 advisory. - floppy: use a statically allocated error counter Willy Tarreau Orabug: 34218638 CVE-2022-1652 - x86: Disable RET on kexec Konrad Rzeszutek Wilk...