EUVD-2023-24775

Malicious code in bioql PyPI...

EUVD-2023-35626

Malicious code in bioql PyPI...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel-firmware (SUSE-SU-2024:3081-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3081-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM...

SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2024:2980-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2980-1 advisory. CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM configuration by malicious program with...

SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2024:2944-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2944-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM configuration by malicious program with...

SUSE SLES12 Security Update : kernel-firmware (SUSE-SU-2024:2911-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2911-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register MSR that lead to modification of SMM configuration by malicious program with...

CVE-2023-31315

Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

CVE-2023-31315

Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

CVE-2023-31315

A flaw was found in hw. Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution. Mitigation Mitigation for this issue is either not availab...

CVE-2023-31315

CVE-2023-31315 centers on an issue with improper validation in a model specific register (MSR) that could let a ring-0 attacker modify SMM configuration when SMI lock is on, potentially enabling arbitrary code execution. The connected documents confirm this is an AMD-related vulnerability affecti...

SPI Lock Bypass

Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity: High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode SMM ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...

CVE-2023-20579

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 kernel mode privileged access to bypass protections potentially resulting in loss of integrity and availability...

CVE-2023-20596

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...

Input validation

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...

CVE-2023-20596

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...

CVE-2023-20596

CVE-2023-20596 involves improper input validation in the AMD SMM Supervisor. A compromised SMI handler could gain Ring0 and potentially execute arbitrary code. Documents show affected AMD platforms across Desktop, Mobile, and Embedded lines, with mitigations delivered via OEM firmware updates (e....

Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user...

SUSE SLES12 Security Update : kernel (Live Patch 39 for SLE 12 SP5) (SUSE-SU-2023:1640-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1640-1 advisory. - A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP4) (SUSE-SU-2023:1639-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1639-1 advisory. - A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be...

CVE-2023-0266 Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...