12 matches found
EUVD-2023-51007
Malicious code in bioql PyPI...
CVE-2024-44948
In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...
CVE-2024-44948 x86/mtrr: Check if fixed MTRRs exist before saving them
In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...
CVE-2024-44948
The CVE-2024-44948 entry applies to the Linux kernel vulnerability where mtrr_save_state() did not verify the fixed MTRR capability bit before accessing fixed MTRR MSRs. This missing capability check could cause a #GP on older CPUs that lack the fixed MTRR capability, though the RDMSR fault would...
CVE-2024-44948 x86/mtrr: Check if fixed MTRRs exist before saving them
In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...
CVE-2023-46841
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...
CVE-2023-46841
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
ISSUE DESCRIPTION 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different...
PlayStation: SMAP bypass
SMAP is a security feature on x86 CPUs, that forbids ring0 from reading/writing to ring3 pages, making it harder to exploit entire classes of vulnerabilities. There is a vulnerability in FreeBSD 12 that allows SMAP to be bypassed by userland. There is a very high probability that it affects the P...
Rosenbridge - Hardware Backdoors In Some X86 CPUs
project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 userland code to circumvent processor protections to freely read and write ring 0 kernel data. While the backdoor is typically disabled requiring ring 0 execution to...
openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)
The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes...
x86: CPU lockup during exception delivery
ISSUE DESCRIPTION When a benign exception occurs while delivering another benign exception, it is architecturally specified that these would be delivered sequentially. There are, however, cases where this results in an infinite loop inside the CPU, which in the virtualized case can be broken only...