Astra Linux - уязвимость в linux

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...

Astra Linux - уязвимость в linux

In kernel/bpf/verifier.c in the Linux kernel before version 5.12.13, a branch prediction can be mispredicted e.g., due to type confusion, allowing a non-privileged BPF program to access arbitrary memory locations through a side-channel attack, known as CID-9183671af6db...

EUVD-2022-43798

Malicious code in bioql PyPI...

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction...

CVE-2024-42265

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...

DEBIAN-CVE-2024-42265

In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...

CVE-2024-42265

CVE-2024-42265 pertains to the Linux kernel and was resolved by protecting the fetch of ->fd[fd] in do_dup2() from mispredictions. The issue arose when a mispredicted path could cause tofree = fdt->fd[fd] to be speculatively executed, which is incorrect for bounds reasons. The documented fi...

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render...

CVE-2022-40523

Information disclosure in Kernel due to indirect branch misprediction...

Information disclosure

Information disclosure in Kernel due to indirect branch misprediction...

CVE-2022-40523

CVE-2022-40523 describes information disclosure in the Kernel caused by indirect branch misprediction. The connected records corroborate a kernel‑level information leakage issue; Red Hat and NVD entries simply state the kernel disclosure, with no vendor/version specifics provided in these documen...

hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions

A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...

CVE-2022-23825

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure...

DEBIAN-CVE-2022-23960

Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer BHB to influence mispredicted branches. Then, cache allocation can allow the attacker to obtai...

PT-2021-7855 · Google · Android

Name of the Vulnerable Software and Affected Versions: Kernel affected versions not specified Description: The issue is related to information disclosure in the Kernel due to indirect branch misprediction. This vulnerability is associated with insufficient protection of service data during...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:2352-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2352-1 advisory. - In hidinputchangeresolutionmultipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This...

SUSE SLES12 Security Update : kernel (SUSE-SU-2021:2321-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2321-1 advisory. - An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrmstatefini...

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13 a branch can be mispredicted (e.g. because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack aka CID-9183671af6db.

...

CVE-2021-33624

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db...

PT-2021-3381

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.13 Description The issue is related to a branch misprediction in the Linux kernel's eBPF subsystem, which can be exploited via a side-channel attack, allowing an unprivileged BPF program to read arbitrary...