CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

Design/Logic Flaw

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

CVE-2023-3006

A known cache speculation vulnerability, the Branch History Injection BHI or Spectre-BHB, was found in new hw that are cores Cortex: A57, A72, A76, A77, A78, A78AE, A78C, A710, X1, X2; Neoverse: N1, N2, V1; Ampere1. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared...

CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

CVE-2023-3006

CVE-2023-3006 describes a Spectre-BHB (Branch History Injection) cache-speculation vulnerability affecting AmpereOne hardware. Malicious code can use the CPU Branch History Buffer to influence mispredicted branches, triggering speculative execution that leads to cache allocation and potential inf...

CVE-2023-3006

A known cache speculation vulnerability, known as Branch History Injection BHI or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history stored in the CPU Branch History Buffer, or BHB to influenc...

SUSE SLES12 Security Update : kernel (SUSE-SU-2023:2162-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2162-1 advisory. The SUSE Linux Enterprise 12 SP5 AZURE kernel was updated to receive various security and bugfixes. The following security bugs wer...

OESA-2023-1266 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A use-after-free flaw was found in ndlcremove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.CVE-2023-1990 The Linux kernel before 6.2.9 has a race...

DEBIAN-CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR on the function speculationctrlupdate, but the IBPB is only issued on the next...

CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

AZL-26368 CVE-2023-1998 affecting package kernel for versions less than 5.15.111.1-1

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

DEBIAN-CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

AZL-26234 CVE-2023-1998 affecting package hyperv-daemons for versions less than 5.15.118.1-1

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

The vulnerability of the prctl function in the Linux operating system’s kernel, which allows a hacker to gain access to protected information

The vulnerability of the prctl function in the Linux operating system’s kernel is caused by incorrect implementation of optimizations. Exploiting this vulnerability can allow an attacker to gain access to protected information using the PRSETSPECULATIONCTRL parameter...

UBUNTU-CVE-2023-1998

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to...

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...