Download
| Alert*
oval:org.secpod.oval:def:1700932
A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel processors may potentially allow an authenticated user to enable information disclosure via local access oval:org.secpod.oval:def:89046402 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to ca ... oval:org.secpod.oval:def:707155 intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode. oval:org.secpod.oval:def:1505775 [4.14.35-2047.514.5.el7uek] - x86/speculation/mmio: Fix late microcode loading [Orabug: 34275786] [4.14.35-2047.514.4.el7uek] - Add debugfs for controlling MMIO state data [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill bu ... oval:org.secpod.oval:def:1505773 [5.4.17-2136.308.9.el7] - x86/speculation/mmio: Fix late microcode loading [Orabug: 34276099] [5.4.17-2136.308.8.el7] - Add debugfs for controlling MMIO state data [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer cle ... oval:org.secpod.oval:def:1505772 [5.4.17-2136.308.9.el7uek] - x86/speculation/mmio: Fix late microcode loading [Orabug: 34276099] [5.4.17-2136.308.8.el7uek] - Add debugfs for controlling MMIO state data [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buff ... oval:org.secpod.oval:def:1505779 [4.14.35-2047.514.5.el7] - x86/speculation/mmio: Fix late microcode loading [Orabug: 34275786] [4.14.35-2047.514.4.el7] - Add debugfs for controlling MMIO state data [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer c ... oval:org.secpod.oval:def:86473 intel-microcode: Processor microcode for Intel CPUs Several security issues were fixed in Intel Microcode. oval:org.secpod.oval:def:88375 This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities. CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 Various researchers discovered flaws in Intel processors, collectively referred to as MMIO Stale Data vulnerabili ... oval:org.secpod.oval:def:81572 The host is missing an important security update for KB5014752 oval:org.secpod.oval:def:3300443 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89047473 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. - ... oval:org.secpod.oval:def:1505908 [3:1.17-33.31.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [3:1.17-33.31.0.2] - update Intel microcode bundle to 20210608 [3:1.17-33.31.0.1] - recognize the "force-intel" file path available on EL7+ [orabug 31655792] ... oval:org.secpod.oval:def:1505793 [2:2.1-73.13.0.5] - ensure UEK also rebuilds initramfs [Orabug: 34280052] [2:2.1-73.13.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [2:2.1-73.13.0.2] - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Ora ... oval:org.secpod.oval:def:81568 The host is missing an important security update for KB5014743 oval:org.secpod.oval:def:1505794 [4:20220207-1.0.4] - ensure UEK also rebuilds initramfs [Orabug: 34280058] oval:org.secpod.oval:def:608640 This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities. CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 Various researchers discovered flaws in Intel processors, collectively referred to as MMIO Stale Data vulnerabili ... oval:org.secpod.oval:def:1505763 [2:2.1-73.13.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [2:2.1-73.13.0.2] - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076312] [2:2.1-73.13.0.1] - for Intel, do not trigger load if on-di ... oval:org.secpod.oval:def:1505766 [5.4.17-2136.308.9.el8uek] - x86/speculation/mmio: Fix late microcode loading [Orabug: 34276099] [5.4.17-2136.308.8.el8uek] - Add debugfs for controlling MMIO state data [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buff ... oval:org.secpod.oval:def:1505765 [4:20220207-1.0.3] - update 06-55-04 to 0x2006d05 - update 06-55-07 to 0x5003302 - update 06-6a-04 to 0xb000280 - update 06-6a-06 to 0xd000375 [4:20220207-1.0.2] - roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076995] [4:20220207-1.0.1] - add support for UEK6 and UEK7 kernel ... oval:org.secpod.oval:def:1505769 [5.4.17-2136.308.9.el8] - x86/speculation/mmio: Fix late microcode loading [Orabug: 34276099] [5.4.17-2136.308.8.el8] - Add debugfs for controlling MMIO state data [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166} - KVM: x86/speculation: Disable Fill buffer cle ... oval:org.secpod.oval:def:89046398 The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient whi ... oval:org.secpod.oval:def:81571 The host is missing a critical security update for KB5014748 oval:org.secpod.oval:def:81570 The host is missing a critical security update for KB5014747 oval:org.secpod.oval:def:81569 The host is missing a critical security update for KB5014746 oval:org.secpod.oval:def:81567 The host is missing a critical security update for KB5014742 oval:org.secpod.oval:def:81562 The host is missing a critical security update for KB5014699 oval:org.secpod.oval:def:81561 The host is missing a critical security update for KB5014697 oval:org.secpod.oval:def:81560 The host is missing a critical security update for KB5014692 oval:org.secpod.oval:def:81566 The host is missing a critical security update for KB5014741 oval:org.secpod.oval:def:81565 The host is missing a critical security update for KB5014738 oval:org.secpod.oval:def:81564 The host is missing a critical security update for KB5014710 oval:org.secpod.oval:def:81563 The host is missing a critical security update for KB5014702 oval:org.secpod.oval:def:81559 The host is missing a critical security update for KB5014678 oval:org.secpod.oval:def:1507165 [5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same ... oval:org.secpod.oval:def:3300524 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89046396 The SUSE Linux Enterprise 12 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel . - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux k ... oval:org.secpod.oval:def:89046394 The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux ... oval:org.secpod.oval:def:3301204 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89047716 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-34918: Fixed a buffer overflow with nft_se ... oval:org.secpod.oval:def:89046389 The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.12.31 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - C ... oval:org.secpod.oval:def:3300520 SUSE Security Update: Security update for the Linux Kernel oval:org.secpod.oval:def:89046414 The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient whi ... oval:org.secpod.oval:def:89046410 The SUSE Linux Enterprise 15 SP1 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient whi ... oval:org.secpod.oval:def:89048277 The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-13695: Fixed fix acpi operand cache leak in nseval.c . - CVE-2018-7755: Fixed bypass of kernel security protections such as KASLR using fd_locked_ioctl fun ... oval:org.secpod.oval:def:89046405 The SUSE Linux Enterprise 15 kernel was updated. The following security bugs were fixed: - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. - CVE-2022-21123: Fixed a stale MMIO data transient which c ... oval:org.secpod.oval:def:81558 The host is missing an important security update for ADV220002 oval:org.secpod.oval:def:81516 Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. Thi ... |