Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

There is a use-after-free vulnerability in the ALSA PCM package within the Linux kernel. The SNDRVCTLIOCTLELEMREAD|WRITE32 function lacks locks that could be exploited in a use-after-free situation, leading to an escalation of privileges to gain ring0 access from the system user. We recommend...

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

EUVD-2008-1149

Malware in sbrugna...

EUVD-2023-24775

Malicious code in bioql PyPI...

EUVD-2023-24757

Malicious code in bioql PyPI...

EUVD-2023-35626

Malicious code in bioql PyPI...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel-firmware (SUSE-SU-2024:3081-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3081-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM...

SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2024:2980-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2980-1 advisory. CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM configuration by malicious program with...

SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2024:2944-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2944-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM configuration by malicious program with...

SUSE SLES12 Security Update : kernel-firmware (SUSE-SU-2024:2911-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2911-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM configuration by malicious program with...

CVE-2023-31315

Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

CVE-2023-31315

Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

CVE-2023-31315

A flaw was found in hw. Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution. Mitigation Mitigation for this issue is either not availab...

CVE-2023-31315

CVE-2023-31315 centers on an issue with improper validation in a model specific register (MSR) that could let a ring-0 attacker modify SMM configuration when SMI lock is on, potentially enabling arbitrary code execution. The connected documents confirm this is an AMD-related vulnerability affecti...

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode SMM ROM protections...

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode SMM ROM protections...

CVE-2022-23829

CVE-2022-23829 describes a potential weakness in AMD SPI protection features that could allow a Ring0 (kernel mode) attacker to bypass native SMM ROM protections. AMD's bulletin (AMD-SB-1041) lists affected products across Ryzen Ryzen 5000/6000/7000 series, Threadripper PRO, and EPYC generations,...

SPI Lock Bypass

Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity: High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode SMM ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...

CVE-2023-20579

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 kernel mode privileged access to bypass protections potentially resulting in loss of integrity and availability...

Design/Logic Flaw

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 kernel mode privileged access to bypass protections potentially resulting in loss of integrity and availability...