Astra Linux – Vulnerability in Linux

In kernel/bpf/verifier.c in the Linux kernel before version 5.12.13, a branch prediction can be mispredicted e.g., due to type confusion, allowing a non-privileged BPF program to access arbitrary memory locations through a side-channel attack, known as CID-9183671af6db...

Astra Linux – Vulnerability in Linux 5.15, Linux

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...

EUVD-2022-43798

Malicious code in bioql PyPI...

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction...

CVE-2024-42265

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...

DEBIAN-CVE-2024-42265

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...

CVE-2024-42265

CVE-2024-42265 pertains to the Linux kernel and was resolved by protecting the fetch of ->fd[fd] in do_dup2() from mispredictions. The issue arose when a mispredicted path could cause tofree = fdt->fd[fd] to be speculatively executed, which is incorrect for bounds reasons. The documented fi...

Vulnerability of microprogramming software for Intel, AMD, ARM, and IBM processors: This vulnerability arises due to the creation of racing states in a speculative mode, which can lead to access to already freed memory areas. If the processor mispredicts the branching in the code, it allows a hacker to gain access to protected memory.

The vulnerability of microprogramming software for processors from Intel, AMD, ARM, and IBM arises from the existence of speculative execution states that can lead to access to already freed memory areas, if the processor mispredicts branch instructions in the code. Exploiting this vulnerability...

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render...

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction...

Information disclosure

Information disclosure in Kernel due to indirect branch misprediction...

CVE-2022-40523

CVE-2022-40523 describes information disclosure in the Kernel caused by indirect branch misprediction. The connected records corroborate a kernel‑level information leakage issue; Red Hat and NVD entries simply state the kernel disclosure, with no vendor/version specifics provided in these documen...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure...

DEBIAN-CVE-2022-23960

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...

PT-2021-7855 · Google · Android

Name of the Vulnerable Software and Affected Versions: Kernel affected versions not specified Description: The issue is related to information disclosure in the Kernel due to indirect branch misprediction. This vulnerability is associated with insufficient protection of service data during...

SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2021:2352-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2352-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: ...

SUSE SLES12: kernel-azure / kernel-azure-base / kernel-azure-devel / etc (SUSE-SU-2021:2321-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2321-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixe...

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13 a branch can be mispredicted (e.g. because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack aka CID-9183671af6db.

...

CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db...