EUVD-2025-23666

Malicious code in bioql PyPI...

UBUNTU-CVE-2023-53438

In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch IF units on current AMD Zen-based systems do not guarantee a synchronous MC is delivered for poison consumption errors. Therefore,...

CVE-2025-54873

Summary (CVE-2025-54873) : RISC Zero’s zkVM platform and related circuit packages contain a bug in signed integer division that can produce multiple outputs for some inputs (only one valid) and causes division-by-zero results to be underconstrained. Affected versions are: risc0-zkvm 2.0.0–2.1.0; ...

microcode_ctl: Exposure of sensitive information

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Core™ processors 10th Generation may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2025-52484

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

Intel Processors Information Disclosure Vulnerability

Intel Processors is a family of processors produced by Intel Corporation, covering a wide range of laptop, desktop, workstation, and server applications, providing basic to professional-level performance support. Intel Processors suffers from an information disclosure vulnerability that stems fro...

Intel Atom Processors Information Disclosure Vulnerability

Intel Atom Processors is Intel's family of low-power processors for edge computing and networking applications, designed for devices that focus on battery life and compact size rather than raw processing performance. Intel Atom Processors suffers from an information disclosure vulnerability that...

Intel Processors 安全漏洞

Intel Processors are a family of processors from Intel Corporation USA. A security vulnerability exists in Intel Processors that stems from the disclosure of sensitive information about the shared microarchitecture structure, which could lead to the disclosure of local information...

Intel Processors 安全漏洞

Intel Processors is a family of processors produced by Intel Corporation, covering a wide range of laptop, desktop, workstation, and server applications, providing basic to professional-level performance support. Intel Processors suffers from an information disclosure vulnerability that stems fro...

ROS-20240904-09

A firmware vulnerability in AMD processors based on the Zen2 microarchitecture is related to the memory usage after memory has been freed. Exploitation of the vulnerability could allow an attacker to track register contents while other processes are executing on the same CPU core...

Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12154)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12154 advisory. - smb: client: fix OOB in smbCalcSize Paulo Alcantara CVE-2023-6606 - RDMA/irdma: Prevent zero-length STAG registration Christopher Bednarz...

AMD EPYC Security Vulnerability

AMD EPYC is a line of x86 architecture server microprocessors from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC Generation 3 and 4 that allows a privileged attacker to prevent the delivery of debugging exception...

AMD EPYC Security Vulnerability

AMD EPYC is an x86 architecture server microprocessor product line from AMD, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. The AMD EPYC suffers from a security vulnerability that stems from insufficient validation of the DRAM address in the System Management Unit SMU, whic...

x86/AMD: Debug Mask handling

ISSUE DESCRIPTION AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1 CVE-2023-34327 - An HVM vCPU can end up operating in the...

x86/AMD: Divide speculative information leak

ISSUE DESCRIPTION In the Zen1 microarchitecure, there is one divider in the pipeline which services uops from both threads. In the case of DE, the latched result from the previous DIV to execute will be forwarded speculatively. This is a covert channel that allows two threads to communicate witho...

USN-6315-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Tavis Ormandy discovered that some AMD processors...

fTPM Voltage Fault Injection

Bulletin ID: AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity: High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...

MGASA-2023-0242 Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.15.122 and fixes atleast the following security issue: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register,...

x86/AMD: Zenbleed

ISSUE DESCRIPTION Researchers at Google have discovered Zenbleed, a hardware bug causing corruption of the vector registers. When a VZEROUPPER instruction is discarded as part of a bad transient execution path, its effect on internal tracking are not unwound correctly. This manifests as the wrong...