EUVD-2021-33434

Malicious code in bioql PyPI...

CVE-2024-44949

In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCHDMAMINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the...

x86/AMD: Speculative Return Stack Overflow

ISSUE DESCRIPTION Researchers from ETH Zurich have extended their prior research XSA-422, Branch Type Confusion, a.k.a Retbleed and have discovered INCEPTION, also know as RAS Return Address Stack Poisoning, and Speculative Return Stack Overflow. The RAS is updated when a CALL instruction is...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

Information disclosure

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors

Bulletin ID: AMD-SB-1039 Potential Impact: Information Disclosure Severity: Medium Summary Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2”, “Zen 3” and “Zen 4” that use simultaneous multithreading SMT. By...

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users

A group of academics from the New Jersey Institute of Technology NJIT has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...

DEBIAN-CVE-2022-29900

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. The “Take A Way” attack, so-called by researchers with the Graz University of Technology in a new analysis this weekend, is a side-channel attack...

February 12, 2019—KB4486993 (Security-only update)

February 12, 2019—KB4486993 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may prevent applications that use a Microsoft Jet database...