CVE-2024-46832

...

The vulnerability of the Serial Peripheral Interface (SPI) protection function in AMD microprocessor software allows attackers to circumvent security restrictions, enhance their privileges, or execute arbitrary code.

The vulnerability of the Serial Peripheral Interface SPI protection function in AMD microprocessor-based software is related to insufficient protection of system data. Exploiting this vulnerability can allow attackers to circumvent security restrictions, gain additional privileges, or execute...

VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with...

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace CVE-2024-2193, it is a variation of the transient execution CPU vulnerability known as Spectre v1 CVE-2017-5753. The approach combines speculative...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12151)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12151 advisory. 5.4.17-2136.328.3 - IB/cm: Cancel mad on the DREQ event when the state is MRAREPRCVD Mark Zhang Orabug: 36143228 - KSPLICE: make sure the stack is...

F5 Networks BIG-IP : Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) (K97035296)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K97035296 advisory. - Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution...

Vulnerability of AMD microprocessor microprogramming software, allowing attackers to gain access to protected information

The vulnerability of AMD’s microprogramming software is related to the accessibility of protected data during the “divide by zero” exception processing. Exploiting this vulnerability can allow an attacker to gain access to protected information...

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2023-2541)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2383)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read a...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5728-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5728-1 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading t...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

Oracle Linux 8 : kernel (ELSA-2022-7110)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7110 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - intelidle: Fix false positive RCU splats due to incorrect hardirqs state Waiman Long 2103167...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9710 advisory. - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - arm64: proton-pack: provide...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9709)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9709 advisory. - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - arm64: proton-pack: provide...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5566-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5566-1 advisory. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a rout...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2549-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2549-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in...

CVE-2022-31207

The CVE-2022-31207 issue affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs (through 2022-05-18). The root cause is lack of cryptographic authentication for the FINS (9600/TCP) engineering protocol, allowing an attacker to manipulate downloaded object code that the PLC runs either in ASIC...

CVE-2022-31207

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2478-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2478-1 advisory. - The usbserialconsoledisconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denia...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2377-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...