Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6207-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6207-1 advisory. It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cau...

SUSE SLES12 Security Update : kernel (SUSE-SU-2023:2156-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2156-1 advisory. - A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA PC-card Ethernet driver was found.A local user could use this flaw to crash th...

CVE-2023-1998 Spectre v2 SMT mitigations problem in Linux kernel

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

Amazon Linux AMI : kernel (ALAS-2023-1701)

The version of kernel installed on the remote host is prior to 4.14.309-159.529. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1701 advisory. Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as...