CVE-2022-27672

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure...

DEBIAN-CVE-2022-27672

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure...

ALPINE-CVE-2022-27672

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure...

UBUNTU-CVE-2022-27672

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure...

The vulnerability of AMD’s SMT processor technology, which allows a hacker to disclose protected information

The vulnerability of AMD’s SMT processor technology is related to errors that occur after the processor’s core exits the C0 sleep state. Exploiting this vulnerability can allow an attacker to disclose protected information i.e., gain access to the RAP Return Address Predictor...

ThreatHound - Tool That Help You On Your IR & Threat Hunting And CA

This tool will help you on your IR & Threat Hunting & CA. just drop your event log file and anlayze the results. New Release Features: support windows ThreatHound.exe C for Linux based new vesion available in C also now you can save results in json file or print on screen it as you want by arg...

SUSE CVE-2022-27672

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure...

SUSE CVE-2014-3509

Race condition in the sslparseserverhellotlsext function in t1lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service memory overwrite and client application crash or possibly have...

SUSE CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service unexpected memory access via a multipart request, a related issue to CVE-2015-0899...

SUSE CVE-2016-8605

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. Th...

SUSE CVE-2016-8623

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure...

SUSE CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are...

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

Mozilla: Use-after-free in InputStream implementation

The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash...

BlueSky ransomware incorporates Multithreading to expedite encryption

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary BlueSky ransomware is actively targeting businesses and demanding a ransom. It appears that they have ties with the Conti ransomware group. The malware is now primarily targeting Windows hosts and uses...

Information disclosure

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

CVE-2021-46778

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

Exploit for CVE-2022-21907

CVE-2022-21907 Golang Application by 1vere$k CVE-2022-21907 -...

libvirt: segmentation fault during VM shutdown can lead to vdsm hang

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down...

UBUNTU-CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...