CVE-2019-0119

CVE-2019-0119 is a buffer overflow in system firmware affecting Intel Xeon D Family, Intel Xeon Scalable Processors, Intel Server Board/System, and Intel Compute Module. The underlying issue is in the firmware that could allow a privileged local user to escalate privileges and/or cause a denial o...

CVE-2019-0120

Insufficient key protection vulnerability in silicon reference firmware for IntelR PentiumR Processor J Series, IntelR PentiumR Processor N Series, IntelR CeleronR J Series, IntelR CeleronR N Series, IntelR AtomR Processor A Series, IntelR AtomR Processor E3900 Series, IntelR PentiumR Processor...

CVE-2019-0126

CVE-2019-0126 describes insufficient access control in the silicon reference firmware for Intel Xeon Scalable and Xeon D Family CPUs, potentially allowing a local privileged user to escalate privileges or cause DoS. Public documents confirm the affected platform and impact but do not provide expl...

[SECURITY] Fedora 29 Update: qemu-3.0.1-3.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Fedora Update for qemu FEDORA-2019-f910d35647

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

MGASA-2019-0172 Updated kernel-linus packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

MGASA-2019-0171 Updated kernel-tmb packages fixes security vulnerabilities

This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service attacks. This is due to a missing processor feature check and an erroneous use of transactional memory TM instructions in the core dump path. A crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain...

Debian DLA-1787-1 : linux-4.9 security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures buffers. This flaw could allow an attacker controlling an unprivileged process to read sensitive...

Debian: Security Advisory (DLA-1787-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Processor Speculative Execution Vulnerabilities (Linux)

The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by : - Spectre variant 1 CVE-2017-5753 - Spectre variant 2 CVE-2017-5715 - Meltdown CVE-2017-5754 Binary data linuxkernelspeculativeexecutiondetect.nbin...

Debian: Security Advisory (DSA-4444-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Input validation

A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco Small Business Sx200, Sx300, Sx500, ESW2 Series Managed Switches and Small Business Sx250, Sx350, Sx550 Series Switches could allow an authenticated, remote attacker to cause the SNMP application of an...

[SECURITY] [DLA 1787-1] linux-4.9 security update

Package : linux-4.9 Version : 4.9.168-1+deb9u2deb8u1 CVE ID : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Debian Bug : 928125 Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into...

Amazon, Apple, Google & Microsoft issue patches to fix ZombieLoad bug

By Uzair Amir Computers containing Intel chips from 2011 onwards are vulnerable to ZombieLoad bug. Intel processor chips have lately been accused of being flawed and unreliable in ensuring optimal computer performance and the current news further reinforces the fact that Intel needs to up its gam...

perfetto/trace_processor_fuzzer: Crash in perfetto::trace_processor::fuchsia_trace_utils::ReadTimestamp

Project: https://android.googlesource.com/platform/external/perfetto/ Detailed report: https://oss-fuzz.com/testcase?key=5197616339484672 Project: perfetto Fuzzer: libFuzzerperfettotraceprocessorfuzzer Fuzz target binary: traceprocessorfuzzer Job Type: libfuzzerasanperfetto Platform Id: linux Cra...

RHEL 6 : qemu-kvm (RHSA-2019:1198)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1198 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide th...

Debian DSA-4444-1 : linux - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures buffers. This flaw could allow an attacker controlling an unprivileged process to read sensitive...

[SECURITY] [DSA 4444-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4444-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2019 https://www.debian.org/security/faq -...

hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)

Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off address generation...