USN-5854-1: Linux kernel vulnerabilities

2023-02-10 KENNETH 0

It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373)

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Johannes Wikner and Kaveh Razavi discovered that [ more… ]

USN-5853-1: Linux kernel vulnerabilities

2023-02-10 KENNETH 0

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628)

It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640)

Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

It was discovered that [ more… ]

Announcing Windows 11 Insider Preview Build 22621.1255 and 22623.1255

2023-02-10 KENNETH 0

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 22621.1255 and Build 22623.1255 (KB5022918) to the Beta Channel.

Build 22623.1255 = New features rolling out.

Build 22621.1255 = New features off by default.

REMINDER: Insiders who were previously on Build 22622 will automatically get moved to Build 22623 via an enablement package. The enablement package artificially increments the build number for the update with new features getting rolled out and turned on to make it easier to differentiate from devices with the update with features off by default. This approach is being used for the Beta Channel only and is not indicative of any changes or plans for final feature rollouts.

Insiders who landed in the group with new features turned off by default (Build 22621.xxxx) can check for [ more… ]

Announcing Windows 11 Insider Preview Build 25295

2023-02-10 KENNETH 0

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 25295 to the Dev Channel.

TL;DR

This build includes a new commercial policy and a good set of improvements and fixes.

What’s new

New commercial policy: Enable features introduced via servicing that are off by default

This new policy enables commercial customers to enable features introduced via servicing (outside of the annual feature update) that are off by default for devices that have their Windows updates managed. Windows update managed devices are those that have their Windows updates managed via policy; whether via the cloud using Windows Update for Business or on-premises with Windows Server Update Services (WSUS). While this policy is available for Insider Preview builds in the Dev Channel, there aren’t any features currently in Dev Channel behind the [ more… ]

USN-5852-1: OpenStack Swift vulnerability

2023-02-10 KENNETH 0

It was discovered that OpenStack Swift incorrectly handled certain XML files. A remote authenticated user could possibly use this issue to obtain arbitrary file contents containing sensitive information from the server.

Source: USN-5852-1: OpenStack Swift vulnerability