GSD-2022-1003197 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.48 by commit...

GSD-2022-1002527 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.5 by commit...

CVE-2022-26477

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

Apache SystemDS 资源管理错误漏洞

A denial of service vulnerability exists in Apache SystemDS version 2.2.1 and earlier, which stems from the fact that the termination condition of the for loop in the readExternal method is a controlled variable. An attacker could use this vulnerability to tamper with the traversal to cause CPU...

UBUNTU-CVE-2022-34494

rpmsgvirtioaddctrldev in drivers/rpmsg/virtiorpmsgbus.c in the Linux kernel before 5.18.4 has a double free...

The vulnerability of the InCopy text editing software’s built-in font processor allows a hacker to execute arbitrary code.

The vulnerability of the InCopy text editing software’s built-in font processor relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Ubuntu: Security Advisory (USN-5486-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Intel Microcode vulnerabilities (USN-5486-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5486-1 advisory. It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use thi...

Lack of Character Limit in Notes Sections Leads to Denial of Service

Description The InvenTree application allows for the inclusion of notes for various objects in the application. The notes functionality does not include a character limit. An attacker can submit an infinite number of characters into the notes section, which causes a denial of service and increase...

Hertzbleed exposes computers’ secret whispers

Hertzbleed is the name for a vulnerability that can be used to obtain cryptographic keys and other secret data from Intel and AMD CPUs, remotely. It works by monitoring changes in power consumption, which can be deduced by the careful timing of known workloads, thanks to a processor power saving...

ALPINE-CVE-2022-21166

Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-21127

Incomplete cleanup in specific special register read operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Information disclosure

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure...

CVE-2022-21166

Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-21166

CVE-2022-21166 is described in connected Astra Linux bulletin as an issue in incomplete cleanup in specific special register write operations for some Intel processors, potentially allowing an authenticated local user to disclose information. The description mirrors the vulnerability text in the ...

CVE-2022-21127

Incomplete cleanup in specific special register read operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-20174

In exynossecEnvinit of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...

CVE-2022-24436

A potential vulnerability in some Intel® processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. Mitigation Currently, there is no mitigation for this flaw. Intel has provided some guidance to developers of...

June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 55 vulnerabilities aka flaws in the June 2022 update, including three 3 vulnerabilities classified as Critical as they allow Remote Code Execution RCE. This months Patch Tuesday cumulative Windows update includes the fix for one 1 zero-day...

PT-2022-2971 · Intel +1 · Intel Processors +1

Name of the Vulnerable Software and Affected Versions: Intel Processors affected versions not specified Description: The issue is related to improper clearance or release of resources in Intel processor microcode, which may allow an attacker to cause a denial of service. It involves improper inpu...