No Image

USN-6096-1: Linux kernel vulnerabilities

2023-05-23 KENNETH 0

USN-6096-1: Linux kernel vulnerabilities It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Haowei Yan discovered that a race condition existed in the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel. A local attacker could possibly use this [ more… ]

No Image

USN-6095-1: Linux kernel vulnerabilities

2023-05-23 KENNETH 0

USN-6095-1: Linux kernel vulnerabilities Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513) It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial [ more… ]

No Image

USN-6094-1: Linux kernel vulnerabilities

2023-05-23 KENNETH 0

USN-6094-1: Linux kernel vulnerabilities Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in [ more… ]

Announcing Windows 11 Insider Preview Build 25370

2023-05-23 KENNETH 0

Announcing Windows 11 Insider Preview Build 25370 Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 25370 to the Canary Channel. REMINDER: As builds released to the Canary Channel are “hot off the presses,” we will offer limited documentation for builds flighted to the Canary Channel (no known issues for example), but we will not publish a blog post for every flight – only when new features are available in a build. And like the previous Canary Channel build, this build has a few new features and changes to document. What’s new in Build 25370 Support for vTPM in Hyper-V on Windows on Arm (Arm64) builds After upgrading your host OS to the latest flighted build (Build 25370 and higher), you will now be able to upgrade guest Windows on Arm VM’s to Windows 11 Insider Preview [ more… ]

No Image

USN-6093-1: Linux kernel (BlueField) vulnerabilities

2023-05-22 KENNETH 0

USN-6093-1: Linux kernel (BlueField) vulnerabilities It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. (CVE-2023-1829) It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3108) It [ more… ]