CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

F5 Networks BIG-IP : OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) (K49711130)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.2.1 / 15.0.0. It is, therefore, affected by a vulnerability as referenced in the K49711130 advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing...

MGASA-2019-0172 Updated kernel-linus packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

Debian: Security Advisory (DLA-1787-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-4444-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1787-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.168-1+deb9u2deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 928125 Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into...

Debian DSA-4444-1 : linux - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures buffers. This flaw could allow an attacker controlling an unprivileged process to read sensitive...

[SECURITY] [DSA 4444-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...

Intel Firmware 2018.4 QSR Advisory

Summary: Multiple potential security vulnerabilities in Intel firmware may allow for escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2018-12201 Description:...

CVE-2018-12202

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation IntelR Core Processor, 7th Generation IntelR Core Processor may allow privileged user to potentially leverage existing features via local access...

qemu security update

12:2.9.0-19.el7 - lsi53c895a: convert to trace-events Mark Cave-Ayland Orabug: 28205376 - lsi: Reselection needed to remove pending commands from queue George Kennedy Orabug: 28626490 - lsi53c895a: check message length value is valid Prasad J Pandit Orabug: 28873208 CVE-2018-18849 - 9p: fix QEMU...

DEBIAN-CVE-2018-19967

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service host OS hang because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix...

[SECURITY] [DLA 1481-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.110-3+deb9u4deb8u1 CVE ID : CVE-2018-3620 CVE-2018-3646 Debian Bug : 906769 Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of...

[SECURITY] [DSA 4279-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4279-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 20, 2018 https://www.debian.org/security/faq -...

MGASA-2018-0347 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.65 and adds fixes and mitigations for the now publically known security issue affecting Intel processors called L1 Terminal Fault L1TF: Systems with microprocessors utilizing speculative execution and Intel Software Guard Extensions Intel SGX...

This Week in Security News: Banks and Botnets

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the FBI warned U.S. banks of a wide-scale cybercrime campaign called “ATM cash-out,” in which hackers use cloned ATM cards for fraudulent...

Intel Processor Diagnostic Tool Elevation of Privilege Vulnerability

Intel Processor Diagnostic Tool IPDT is a processor function diagnostic tool from Intel USA. A security vulnerability exists in Intel IPDT version 4.1.0.24, which is caused by the installation tool failing to properly set permissions on installed files. The vulnerability can be exploited to execu...

Intel Processor Diagnostic Tool elevation of privilege vulnerability (CNVD-2018-15597)

Intel Processor Diagnostic Tool IPDT is a processor function diagnostic tool from Intel USA. An elevation of privilege vulnerability exists in Intel IPDT versions prior to 4.1.0.27. A local attacker can exploit this vulnerability to execute arbitrary code...

Intel ME 6.x/7.x/8.x/9.x/10.x./11.x, SPS 4.0, and TXE 3.0 Cumulative Security Update - US

Lenovo Security Advisory: LEN-17297 Potential Impact: An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service...

CVE-2018-3668

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...