38 matches found
OESA-2026-1440 microcode_ctl security update
This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and SMM adversary with a privileged user combined with a high complexity atta...
Fedora: Security Advisory (FEDORA-2025-4c1d09a51b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 42 : kernel (2025-4c1d09a51b)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-4c1d09a51b advisory. The 6.16.7 stable kernel updates contain mitigation for the VMSCAPE vulnerability on x86 CPUs. This has been assigned CVE-2025-40300 ---- The 6.16.6 stable...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing null entry in the erratum_1386_microcode array on the x86/CPU/AMD subsystem...
OESA-2024-2524 microcode_ctl security update
This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: CVE-2024-21820 CVE-2024-21853...
SUSE CVE-2023-52497
In the Linux kernel, the following vulnerability has been resolved: erofs: fix lz4 inplace decompression Currently EROFS can map another compressed buffer for inplace decompression, that was used to handle the cases that some pages of compressed data are actually not in-place I/O. However, like...
kernel: save/restore speculative MSRs during S3 suspend/resume
A flaw was found in the Linux kernel X86 CPU Power management when resuming CPU from suspend-to-RAM. This issue could allow a local user unauthorized access to memory from the CPU...
USN-6123-1: Linux kernel (OEM) vulnerabilities
Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrar...
CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl
CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...
x86: MMIO Stale Data vulnerabilities
ISSUE DESCRIPTION: This issue is related to the SRBDS, TAA and MDS vulnerabilities. Please see: https://xenbits.xen.org/xsa/advisory-320.html (SRBDS), https://xenbits.xen.org/xsa/advisory-305.html (TAA), https://xenbits.xen.org/xsa/advisory-297.html (MDS). Please see Intel's whitepaper:...
Xen Speculative Side Channel Information Disclosure (XSA-320)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue. Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via loca...
Special Register Buffer speculative side channel
ISSUE DESCRIPTION: This issue is related to the MDS and TAA vulnerabilities. Please see https://xenbits.xen.org/xsa/advisory-297.html (MDS) and https://xenbits.xen.org/xsa/advisory-305.html (TAA) for details. Certain processor operations microarchitecturally need to read data from outside the physical...
Important: Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7. The microcode_ctl packages provide microcode updates for Intel x86 processors. This update adds the following enhancement: Update Intel microcode version to microcode-20191112 (BZ#1769889) Users of microcode_ctl are advised to...
Important: Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. The microcode_ctl packages provide microcode updates for Intel x86 processors. This update adds the following enhancement: Update Intel microcode version to microcode-20191112 (BZ#1769883) Users of...
TSX Asynchronous Abort speculative side channel
ISSUE DESCRIPTION: This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019. Please see https://xenbits.xen.org/xsa/advisory-297.html for details about MDS. A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous...
USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4093-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4093-1 advisory. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause...
Debian DLA-1884-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509: Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAP_NET_ADMIN capability in a...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4095-1 advisory. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4094-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...