Fedora 38 : golang (2023-8ee7d4a8e3)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8ee7d4a8e3 advisory. go1.20.2 released 2023-03-07 includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, t...

Fedora 37 : golang (2023-dc0a020a2e)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-dc0a020a2e advisory. go1.19.7 released 2023-03-07 includes a security fix to the crypto/elliptic package, as well as bug fixes to the linker, the runtime, and the crypto/x509 and...

USN-5991-1: Linux kernel (GCP) vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

USN-5991-1 linux-gcp-4.15 vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5984-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5984-1 advisory. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use...

USN-5979-1 linux-hwe-5.19 vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

USN-5979-1: Linux kernel (HWE) vulnerabilities

It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. CVE-2022-2196 It was discovered...

Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5979-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5979-1 advisory. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs...

Ubuntu: Security Advisory (USN-5970-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

SUSE SLES12 Security Update : xen (SUSE-SU-2023:0846-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0846-1 advisory. - x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one...

SUSE SLES12 Security Update : kernel (SUSE-SU-2023:0852-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0852-1 advisory. - A use-after-free read flaw was found in sockgetsockopt in net/core/sock.c due to SOPEERCRED and SOPEERGROUPS race with listen and connect in...

Amazon Linux AMI : kernel (ALAS-2023-1706)

The version of kernel installed on the remote host is prior to 4.14.305-155.531. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1706 advisory. Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interfac...

SUSE-SU-2023:0859-1 Security update for xen

This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode bsc1209017. - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling bsc1209018. - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL...

DEBIAN-CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

ALPINE-CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVE-2022-42331

CVE-2022-42331 describes a Xen hypervisor SPECULATIVE execution vulnerability on the x86 32-bit SYSCALL path. Root cause: an oversight in the original Spectre/Meltdown work (XSA-254) leads to an entrypath performing its speculation-safety actions too late, leaving an unprotected RET instruction i...