17 matches found
SUSE CVE-2024-2193
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...
hw: cpu: arm64: Spectre-BHB
A new cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, was found in hw. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within t...
[Important] [Security] Virtuozzo ReadyKernel Patch 157.3 for Virtuozzo Hybrid Server 7.5
The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. Vulnerability id: PSBM-147036 3.10.0-1160.41.1.vz7.183.5 to 3.10.0-1160.80.1.vz7.191.4 Partial fix to prevent memory leak for some cases in the...
CVE-2023-34415
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host a...
CVE-2023-34415
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host a...
CVE-2023-34415
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host a...
UBUNTU-CVE-2023-34415
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host a...
Mozilla Firefox < 114.0
The version of Firefox installed on the remote Windows host is prior to 114.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-20 advisory. - Mozilla developers and community members Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team reported memory...
PT-2022-6662 · Ampere +4 · Ampereone +4
Name of the Vulnerable Software and Affected Versions: Linux (affected versions not specified); AmpereOne hardware (affected versions not specified). Description: A known cache speculation issue, similar to Spectre v2, allows malicious code to influence mispredicted branches within a victim's hardware...
Security update for the Linux Kernel (important)
openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2022:2549-1 Rating: important References: 1065729 1179195 1180814 1184924 1185762 1192761 1193629 1194013 1195504 1195775 1196901 1197362 1197754 1198020 1198924 1199482 1199487 1199489 1199657 1200217...
kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions to use the eBPF verifier to abuse a Spectre-like flaw and infer all syste...
CVE-2021-31829
A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. This flaw allows a local user who can insert eBPF instructions to use the eBPF verifier to abuse a Spectre-like flaw and infer all syste...
New Spectre-Like Attacks
There's new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op...
CVE-2020-27170
A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a Spectre-like flaw where they can infer all...
New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective
Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache...
Intel CPUs Impacted By New Class of Spectre-Like Attacks
A new class of side-channel vulnerabilities impacting all modern Intel chips has been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), consist o...
Report: Intel Facing New Spectre-Like Security Flaws
Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges. The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018. German magazine c’t reported on Thursday that the new security flaws in Intel CP...