It has been discovered that on some AMD CPUs, the RAS is dynamically partitioned between non-idle threads. This allows an attacker to control speculative execution on the adjacent thread. The upstream bug report describes this issue as follows:A flaw found in the Linux Kernel in RDS protocol. The rds_rm_zerocopy_callback uses list_entry on the head of a list causing a type confusion. Local user ...
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. An out-of-bounds write vulnerability in the Linux kern ...
Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence.Impact summary: Applications that use the AES-SIV algorithm and want toauthenticate empty data entries as associated data can be mislead by removingadding or reordering such empty entries as these are ignored by the OpenSSLimplementation. W ...
Security Fix: openssl: X.400 address type confusion in X.509 GeneralName For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Security Fix: hw amd: Return Address Predictor vulnerability leading to information disclosure hw: amd: Cross-Process Information Leak For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.