CVE-2019-18808

A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. Mitigation In order to mitigate this issue it is possible ...

Buffer Overflow Vulnerability in Multiple Qualcomm Products (CNVD-2020-03580)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.MDM9607 is a central processing unit CPU product.MDM9640 is a central processing unit CPU product. A buffer overflow vulnerability exists in the Multi-mode Call processor in multiple...

CVE-2019-0165

Insufficient Input validation in the subsystem for IntelR CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access...

CVE-2019-2274

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking ...

Improper access control

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking ...

CVE-2019-2274

CVE-2019-2274 describes an Improper Access Control issue for RPU write access from the secure processor in Qualcomm-supplied Snapdragon platforms (Auto, Compute, CE Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure/Networking). Affected families include APQ80...

CVE-2019-2274

Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking ...

Intel® Processor Diagnostic Tool Advisory

Summary: A potential security vulnerability in the Intel® Processor Diagnostic Tool may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-11133...

Security Bulletin: IBM System Planning Tool for POWER processor-based systems (TESTING NOTIFICATION)

Summary IBM System Planning Tool for POWER processor-based systems Vulnerability Details Overview Download Releases Support Current version IBM System Planning Tool - Version 6.18.047.0 EXE, 192MB Important note for Symantec Endpoint Protection Users: In order to avoid problems with the download ...

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

A new attack called Plundervolt gives attackers access to the sensitive data stored in a processor's secure enclave...

CVE-2019-19587

In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console...

Multiple Qualcomm Products Resource Management Error Vulnerability (CNVD-2020-16058)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.MDM9607 is a central processing unit CPU product.MDM9650 is a central processing unit CPU product. A resource management error vulnerability exists in DSP Services in multiple Qualco...

USN-4182-3: Intel Microcode regression

USN-4182-1 provided updated Intel Processor Microcode. A regression was discovered that caused some Skylake processors to hang after a warm reboot. This update reverts the microcode for that specific processor family. We apologize for the inconvenience. Original advisory details: Stephan van...

HTTP/2: large amount of data requests leads to denial of service

A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...

Oracle Linux 8 : kernel (ELSA-2019-3871)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3871 advisory. 4.18.0-147.0.31.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

hw: Machine Check Error on Page Size Change (IFU)

A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...

2019.2 IPU – Intel® TXT Advisory

Summary: A potential security vulnerability in Intel® Trusted Execution Technology TXT with Intel® Processor Graphics may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-0184 Description: Insufficie...

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

2019.2 IPU – Intel® SGX with Intel® Processor Graphics Update Advisory

Summary: A potential security vulnerability in Intel® Software Guard Extensions SGX enabled processors with Intel® Processor Graphics may allow information disclosure. Intel is releasing software and firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID:...

Updated kernel packages fix security vulnerabilities

This kernel update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. TSX...