Red Hat Security Advisory 2024-2005-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include an information leakage vulnerability.
d769c40fbca1e91204b61a1e88fabd893ca8ceab3f97e9f00805c52e43f22ad0Red Hat Security Advisory 2024-0561-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include an information leakage vulnerability.
c5997da3edff504c046a4b8ed32abb5e25832b59811f1d48942b4d379ca6a8b4Red Hat Security Advisory 2024-0433-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include an information leakage vulnerability.
c363c1c0280ea944ff6edc0b6243df870a335d8837f4d45496cece02e79e26b5Red Hat Security Advisory 2023-7782-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include an information leakage vulnerability.
83eddbc394ef4a5281e91dcdb603e46604864a86e73aba1967ff7989fe51c06fRed Hat Security Advisory 2023-7513-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Issues addressed include an information leakage vulnerability.
9c216e9b5238e40f6cf5f3130d80a00445fbd2853deb6b8a2641a5eef9159a00Red Hat Security Advisory 2023-7401-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an information leakage vulnerability.
92050e78e75e00512a57b3940dec60ba58f24eb6e75fb04dedaadbe4d37a5ba2Red Hat Security Advisory 2023-7244-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include an information leakage vulnerability.
02cb5d1f2df2116aaa6ce5578d346cc53b06015294cf413313905ff5b81d256aRed Hat Security Advisory 2023-7109-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
3a612beeddebaf8c2c02ea541cbd031da9f18a93b62888cc55c3b05ebe79ce93Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
d231e9eb22491a28681d89631f3af4b06d452c694529f3f61e5a1f1f2333a3c8Ubuntu Security Notice 6445-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
7161886f27ce432ad514954dd1b3c798e3d98a8a29d07d4592bcf71aae1d37dfUbuntu Security Notice 6445-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
e6b24dd74615cc6c00bd4c9686d9c6103de24a03be2c7b72a6caee0cd088dc72Ubuntu Security Notice 6416-3 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
7a887816f9107b60df8541b3552c4aaff017ce7bcb38a20efdd9a941ee1a370eUbuntu Security Notice 6416-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
b063e3f6be8c77181b424a0cfdc4405df776762ca5688f781a192b755ad403a0Ubuntu Security Notice 6416-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
331f2ead28b7e52720b6f311fc3698392b6dd99793aaafc88fa16cf568162c17Ubuntu Security Notice 6415-1 - Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory. Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code.
ac0576ea83c3691a31572b17759cf26008e0d00fe1b127688ad4fc8be0c5c1ecUbuntu Security Notice 6412-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
eef2bb4192be147f56bfdab3849d216add0a381c00e18c6ca3934a0f72c58c02Ubuntu Security Notice 6319-1 - Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorized memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
264454acc791ce66bd42cd80239785d3fdb569855ceca09b508876ab59fbbefdDebian Linux Security Advisory 5475-1 - Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers. This mitigation requires updated CPU microcode provided in the intel-microcode package. Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non-architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel.
95ac8bf618237ec9a9702db5e01782fb41ac590afd3c1d06d81109f4cc731eeb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed