
757 matches found

Xen Project
added 2018/06/13 9:0 p.m., 583 views

Speculative register leakage from lazy FPU context switching

ISSUE DESCRIPTION: x86 has a hardware mechanism for lazy FPU context switching. On a task switch, %cr0.ts (Task Switched) gets set, and the next instruction to touch floating point state raises an #NM (No Math, later known as Device Not Available) exception. Traditionally, FPU state has been large in...

CVSS 5.6, AI score 0.3, EPSS 0.00611
Exploits: 0
OSV
added 2018/06/12 8:29 p.m., 1 views

UBUNTU-CVE-2018-5848

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel...

CVSS 7.8, AI score 7.4, EPSS 0.00366
Exploits: 0, References: 10
ATTACKERKB
added 2018/05/08 6:29 p.m., 2 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

CVSS 7.8, AI score 7.7, EPSS 0.18404
Exploits: 9, References: 56
NVD
added 2018/05/08 6:29 p.m., 39 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

CVSS 7.8, AI score 6.6, EPSS 0.18404
Exploits: 9, References: 48
OSV
added 2018/05/08 6:29 p.m., 3 views

ALPINE-CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

CVSS 7.8, AI score 6.8, EPSS 0.18404
Exploits: 9, References: 1
Debian CVE
added 2018/05/08 6:0 p.m., 51 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

CVSS 7.8, AI score 7.2, EPSS 0.18404
Exploits: 9
OSV
added 2018/05/08 5:0 p.m., 0 views

UBUNTU-CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

CVSS 7.8, AI score 6.7, EPSS 0.18404
Exploits: 9, References: 7
Metasploit
added 2018/04/28 1:40 a.m., 87 views

AF_PACKET packet_set_ring Privilege Escalation

This module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; howev...

CVSS 7.8, AI score 0.1, EPSS 0.17827
Exploits: 17
Metasploit
added 2018/04/18 12:39 a.m., 143 views

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing UDP Fragmentation Offload (UFO). This exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0-21...

CVSS 7, AI score 7.9, EPSS 0.20797
Exploits: 19
BDU FSTEC
added 2018/02/15 12:0 a.m., 4 views

The vulnerability in the IPC::Connection::processMessage function of UNIX IPC kernels for display pages in WebKitGTK+ allows an attacker to trigger a buffer overflow.

The vulnerability of the IPC::Connection::processMessage function in UNIX IPC kernel and WebKitGTK+ web pages is caused by improper checking of message sizes. Exploiting this vulnerability can allow a malicious actor to trigger buffer overflows in user interface processes remotely...

CVSS 9.8, AI score 8, EPSS 0.01201
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2018/02/13 12:0 a.m., 3 views

Linux kernel 'futex_requeue' function denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'futex_requeue' function in the kernel/futex.c file in versions of Linux kernel prior to 4.14.15. An attacker can exploit this...

CVSS 7.8, AI score 7.2, EPSS 0.00678
Exploits: 0, References: 1
Mageia
added 2018/02/08 11:30 a.m., 50 views

Updated gcc packages fix security vulnerability

This update provides an update to the 5.5.0 maintenance release and adds support for retpoline, a mitigation technique for CVE-2017-5715 (branch target injection, aka 'Spectre Variant 2') that is needed at least for the kernels...

CVSS 5.6, AI score 2, EPSS 0.74041
Exploits: 8, References: 2
OSV
added 2018/01/10 10:29 p.m., 0 views

UBUNTU-CVE-2017-15847

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel...

CVSS 7, AI score 7.1, EPSS 0.0012
Exploits: 0, References: 4
OSV
added 2018/01/09 2:52 p.m., 3 views

USN-3521-1 nvidia-graphics-drivers-384 vulnerability

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

CVSS 5.6, AI score 6.9, EPSS 0.93838
Exploits: 9, References: 2
Fedora
added 2018/01/07 10:32 p.m., 11 views

[SECURITY] Fedora 26 Update: dracut-046-8.git20180105.fc26

dracut contains tools to create a bootable initramfs for 2.6 Linux kernels. Unlike existing implementations, dracut does hard-code as little as possible into the initramfs. dracut contains various modules which are driven by the event-based udev. Having root on MD, DM, LVM2, LUKS is supported as...

AI score 2.5
Exploits: 0
Mageia
added 2018/01/06 10:14 a.m., 28 views

Updated openafs packages fixes security vulnerability

This update provides an update to openafs 1.6.22, fixing the following security issue: It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS (CVE-2017-17432). It also adds support for 4.14 series kernels...

CVSS 7.8, AI score 2.9, EPSS 0.03053
Exploits: 0, References: 4
UbuntuCve
added 2017/12/06 2:29 p.m., 27 views

CVE-2017-13164

An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193...

CVSS 7.5, AI score 7.1, EPSS 0.00431
Exploits: 0, References: 4
OSV
added 2017/12/06 2:29 p.m., 1 views

UBUNTU-CVE-2017-13164

An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193...

CVSS 7.5, AI score 7.3, EPSS 0.00431
Exploits: 0, References: 5
OSV
added 2017/12/06 2:29 p.m., 3 views

UBUNTU-CVE-2017-13163

An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972...

CVSS 7.8, AI score 7.1, EPSS 0.00155
Exploits: 0, References: 4
OSV
added 2017/12/06 12:0 a.m., 1 views

UBUNTU-CVE-2017-13168

An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233...

CVSS 7.8, AI score 7.1, EPSS 0.00388
Exploits: 0, References: 11