Race condition

In the FastRPC driver in Android releases from CAF using the linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails...

CVE-2018-11259

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and...

[SECURITY] Fedora 27 Update: qemu-2.10.1-4.fc27

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

HPSBHF03586 rev. 1 - DCI Policy Update

Potential Security Impact Information disclosure and escalation of privilege via limited physical presence. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel platforms, starting with Skylake, support a USB 3-based debugging interface a.k.a. Direct...

Intel Processor Diagnostic Tool (IPDT) Privilege Escalation Vulnerability

Intel Processor Diagnostic Tool IPDT versions prior to 4.1.0.27 suffer from three code execution and privilege escalation vulnerabilities. Hi @ll, the executable installers of Intel's Processor Diagnostic Tool IPDT before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow...

Intel Processor Diagnostic Tool (IPDT) Privilege Escalation

Hi @ll, the executable installers of Intel's Processor Diagnostic Tool IPDT before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow arbitrary code execution with escalation of privilege, plus a fourth which allows denial of service. Intel published advisory SA-00140 on...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1179)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms...

CVE-2018-11259

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and...

Intel® Processor Diagnostic Tool Privilege Escalation Vulnerability

Summary: Privilege escalation Description: Permissions issue with IPDT Installer v4.1.0.24 installs 3 files within improper permissions, allowing for arbitrary code execution and escalation of privileges CVSS Score 8.3 - High: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Affected products: IPDT –...

Scientific Linux Security Update : libvirt on SL7.x x86_64 (20180626) (Spectre)

Security Fixes : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged...

kernel security and bug fix update

3.10.0-862.6.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.6.3 - x86 always enable eager FPU by default on non-AMD processors Paolo...

[SECURITY] Fedora 28 Update: qemu-2.11.1-3.fc28

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Multiple Cisco Products NX-OS Software SNMP Denial of Service Vulnerabilities

Cisco Nexus 2000 Series Switches are products of Cisco Corporation.Cisco Nexus 2000 Series Switches are switch devices.Fabric Modules are switch matrix modules.NX-OS Software is a set of data center-grade operating system software for the switches.Simple Network Management Protocol SNMP input...

USN-3690-1 amd64-microcode update

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...

CVE-2018-0291

A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol...

Security Bulletin: IBM® DB2® LUW's Command Line Processor Contains Buffer Overflow Vulnerability (CVE-2017-1297).

Summary IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server Command Line Process CLP is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. Vulnerability Details CVEID: CVE-2017-1297 DESCRIPTION:...

kernel security update

3.10.0-862.3.3.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.3.3 - x86 always enable eager FPU by default on non-AMD processors Paolo...

USN-3679-1 qemu update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

OpenSSL CVE-2018-0732 Denial of Service Vulnerability

Description OpenSSL is prone to denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected OpenSSL Project OpenSSL 1.0.2 OpenSSL Project OpenSSL 1.0.2a OpenSSL Project OpenSSL 1.0.2b OpenSSL Project OpenSSL 1.0.2c OpenSSL...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1505-1)

This update for the Linux Kernel 4.4.74-9229 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel ...