Red Hat Security Advisory 2023-7513-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Issues addressed include an information leakage vulnerability.
9c216e9b5238e40f6cf5f3130d80a00445fbd2853deb6b8a2641a5eef9159a00Red Hat Security Advisory 2023-7401-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an information leakage vulnerability.
92050e78e75e00512a57b3940dec60ba58f24eb6e75fb04dedaadbe4d37a5ba2Red Hat Security Advisory 2023-7244-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include an information leakage vulnerability.
02cb5d1f2df2116aaa6ce5578d346cc53b06015294cf413313905ff5b81d256aRed Hat Security Advisory 2023-7109-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
3a612beeddebaf8c2c02ea541cbd031da9f18a93b62888cc55c3b05ebe79ce93Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
d231e9eb22491a28681d89631f3af4b06d452c694529f3f61e5a1f1f2333a3c8Ubuntu Security Notice 6445-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
7161886f27ce432ad514954dd1b3c798e3d98a8a29d07d4592bcf71aae1d37dfUbuntu Security Notice 6445-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
e6b24dd74615cc6c00bd4c9686d9c6103de24a03be2c7b72a6caee0cd088dc72Ubuntu Security Notice 6416-3 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
7a887816f9107b60df8541b3552c4aaff017ce7bcb38a20efdd9a941ee1a370eUbuntu Security Notice 6416-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
b063e3f6be8c77181b424a0cfdc4405df776762ca5688f781a192b755ad403a0Ubuntu Security Notice 6416-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
331f2ead28b7e52720b6f311fc3698392b6dd99793aaafc88fa16cf568162c17Ubuntu Security Notice 6415-1 - Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory. Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code.
ac0576ea83c3691a31572b17759cf26008e0d00fe1b127688ad4fc8be0c5c1ecUbuntu Security Notice 6412-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
eef2bb4192be147f56bfdab3849d216add0a381c00e18c6ca3934a0f72c58c02Ubuntu Security Notice 6319-1 - Daniël Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorized memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.
264454acc791ce66bd42cd80239785d3fdb569855ceca09b508876ab59fbbefdDebian Linux Security Advisory 5475-1 - Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers. This mitigation requires updated CPU microcode provided in the intel-microcode package. Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non-architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel.
95ac8bf618237ec9a9702db5e01782fb41ac590afd3c1d06d81109f4cc731eeb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed