[SECURITY] [DSA 5178-1] intel-microcode security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5178-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2022 https://www.debian.org/security/faq -...

DSA-5178-1 intel-microcode - security update

Bulletin has no description...

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2021 & January 2022

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, as used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2021 and January 2022. IBM Virtualization Engine TS7700 has addressed the applicable...

Ubuntu: Security Advisory (USN-5486-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5486-1 intel-microcode vulnerabilities

It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service. CVE-2021-0127 Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could u...

Information Disclosure

intel-microcode is vulnerable to information disclosure. The vulnerability exists due to an incomplete cleanup of multi-core shared buffers for some IntelR Processors allowing an attacker to potentially enable information disclosure via local access...

Information Disclosure

intel-microcode is vulnerable to information disclosure. Incomplete cleanup of microarchitectural fill buffers allow an authenticated attacker to potentially enable information disclosure via local access...

Information Disclosure

intel-microcode, sid is vulnerable to information disclosure. An incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-24436

Observable behavioral in power management throttling for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via network access...

microcode_ctl security update

2:2.1-73.13.0.3 - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 2:2.1-73.13.0.2 - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset Orabug: 34076312 2:2.1-73.13.0.1 - for Intel, do not trigger load if on-disk...

Unbreakable Enterprise kernel-container security update

4.14.35-2047.514.5.el7 - x86/speculation/mmio: Fix late microcode loading Patrick Colp Orabug: 34275786 4.14.35-2047.514.4.el7 - Add debugfs for controlling MMIO state data Kanth Ghatraju Orabug: 34202260 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 - KVM: x86/speculation: Disable...

Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities

Executive Summary On June 14, 2022, Intel published information about a class of memory-mapped I/O vulnerabilities known as Processor MMIO Stale Data Vulnerabilities. An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In...

PT-2022-6169 · Intel +5 · Intel Processors +5

Name of the Vulnerable Software and Affected Versions: IntelR Processors affected versions not specified Description: The issue is related to incomplete cleanup in specific special register read operations, which may allow an authenticated user to potentially enable information disclosure via loc...

PT-2022-2971 · Intel +1 · Intel Processors +1

Name of the Vulnerable Software and Affected Versions: Intel Processors affected versions not specified Description: The issue is related to improper clearance or release of resources in Intel processor microcode, which may allow an attacker to cause a denial of service. It involves improper inpu...

Unbreakable Enterprise kernel security update

4.14.35-2047.514.5 - x86/speculation/mmio: Fix late microcode loading Patrick Colp Orabug: 34275786 4.14.35-2047.514.4 - Add debugfs for controlling MMIO state data Kanth Ghatraju Orabug: 34202260 CVE-2022-21123 CVE-2022-21127 CVE-2022-21125 CVE-2022-21166 - KVM: x86/speculation: Disable Fill...

Unbreakable Enterprise kernel security update

5.4.17-2136.308.9 - x86/speculation/mmio: Fix late microcode loading Patrick Colp Orabug: 34276099 5.4.17-2136.308.8 - Add debugfs for controlling MMIO state data Kanth Ghatraju Orabug: 34202259 CVE-2022-21123 CVE-2022-21127 CVE-2022-21125 CVE-2022-21166 - KVM: x86/speculation: Disable Fill buffe...

Unbreakable Enterprise kernel security update

5.4.17-2136.308.7 - uek-rpm: Update OL7/8 Secureboot certificate and shim versions Sherry Yang Orabug: 34248329 5.4.17-2136.308.6 - mac80211hwsim: call ieee80211txprepareskb under RCU protection Johannes Berg - arm: remove CONFIGARCHHASHOLESMEMORYMODEL Mike Rapoport - x86/cpu: Load microcode duri...

microcode_ctl security update

4:20220207-1.0.3 - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 4:20220207-1.0.2 - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset Orabug: 34076995 4:20220207-1.0.1 - add support for UEK6 and UEK7 kernels -...

PT-2022-4874 · Qualcomm · Qualcomm Embedded Platform +8

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform versions affected versions not specified Description: The issue is related to a component of the Qualcomm embedded platform's video microcode, specifically a lack of buffer length checks and out-of-bounds memory rea...

SUSE-SU-2022:1923-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: Update to version 20220411 git commit f219d616f42b, bsc1199459: - CVE-2021-26373, CVE-2021-26347, CVE-2021-26376, CVE-2021-26350, CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339, CVE-2021-26348, CVE-2021-26342,...