28 matches found
OESA-2026-1440 microcode_ctl security update
This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Improper handling of values in the microcode flow for some IntelR Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity atta...
Fedora: Security Advisory (FEDORA-2025-4c1d09a51b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : kernel (2025-4c1d09a51b)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-4c1d09a51b advisory. The 6.16.7 stable kernel updates contain mitigation for the VMSCAPE vulnerability on x86 CPUs. This has been assigned CVE-2025-40300 ---- The 6.16.6 stable...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing null entry in the erratum1386microcode array on the x86/CPU/AMD subsystem...
OESA-2024-2524 microcode_ctl security update
This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: CVE-2024-21820 CVE-2024-21853...
kernel: save/restore speculative MSRs during S3 suspend/resume
A flaw was found in the Linux kernel X86 CPU Power management when resuming CPU from suspend-to-RAM. This issue could allow a local user unauthorized access to memory from the CPU...
x86: MMIO Stale Data vulnerabilities
ISSUE DESCRIPTION This issue is related to the SRBDS, TAA and MDS vulnerabilities. Please see: https://xenbits.xen.org/xsa/advisory-320.html SRBDS https://xenbits.xen.org/xsa/advisory-305.html TAA https://xenbits.xen.org/xsa/advisory-297.html MDS Please see Intel's whitepaper:...
Xen Speculative Side Channel Information Disclosure (XSA-320)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue. Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via loca...
Special Register Buffer speculative side channel
ISSUE DESCRIPTION This issue is related to the MDS and TAA vulnerabilities. Please see https://xenbits.xen.org/xsa/advisory-297.html MDS and https://xenbits.xen.org/xsa/advisory-305.html TAA for details. Certain processor operations microarchitecturally need to read data from outside the physical...
TSX Asynchronous Abort speculative side channel
ISSUE DESCRIPTION This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019. Please see https://xenbits.xen.org/xsa/advisory-297.html for details about MDS. A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous...
USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
Debian DLA-1884-1 : linux security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (AWS) vulnerability (USN-4096-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4096-1 advisory. Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4093-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4093-1 advisory. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4095-1 advisory. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4094-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...
USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities
USN-4095-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux...
USN-4096-1: Linux kernel (AWS) vulnerability
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information kernel memory...
USN-4095-1: Linux kernel vulnerabilities
Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. CVE-2018-5383 It was discovered that a...
USN-4094-1: Linux kernel vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...