RHSA-2023:5591: Red Hat Security Advisory: linux-firmware security update

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances.
Red Hat Security Data

Issued: 2023-10-10

Updated: 2023-10-10

RHSA-2023:5591 - Security Advisory

Synopsis

Moderate: linux-firmware security update

Type/Severity

Security Advisory: Moderate

Topic

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

  • hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

linux-firmware-20191202-100.gite8a0f4c9.el8_2.src.rpm

x86_64

iwl100-firmware-39.31.5.1-100.el8_2.1.noarch.rpm

iwl1000-firmware-39.31.5.1-100.el8_2.1.noarch.rpm

iwl105-firmware-18.168.6.1-100.el8_2.1.noarch.rpm

iwl135-firmware-18.168.6.1-100.el8_2.1.noarch.rpm

iwl2000-firmware-18.168.6.1-100.el8_2.1.noarch.rpm

iwl2030-firmware-18.168.6.1-100.el8_2.1.noarch.rpm

iwl3160-firmware-25.30.13.0-100.el8_2.1.noarch.rpm

iwl3945-firmware-15.32.2.9-100.el8_2.1.noarch.rpm

iwl4965-firmware-228.61.2.24-100.el8_2.1.noarch.rpm

iwl5000-firmware-8.83.5.1_1-100.el8_2.1.noarch.rpm

iwl5150-firmware-8.24.2.2-100.el8_2.1.noarch.rpm

iwl6000-firmware-9.221.4.1-100.el8_2.1.noarch.rpm

iwl6000g2a-firmware-18.168.6.1-100.el8_2.1.noarch.rpm

iwl6000g2b-firmware-18.168.6.1-100.el8_2.1.noarch.rpm

iwl6050-firmware-41.28.5.1-100.el8_2.1.noarch.rpm

iwl7260-firmware-25.30.13.0-100.el8_2.1.noarch.rpm

libertas-sd8686-firmware-20191202-100.gite8a0f4c9.el8_2.noarch.rpm

libertas-sd8787-firmware-20191202-100.gite8a0f4c9.el8_2.noarch.rpm

libertas-usb8388-firmware-20191202-100.gite8a0f4c9.el8_2.noarch.rpm

libertas-usb8388-olpc-firmware-20191202-100.gite8a0f4c9.el8_2.noarch.rpm

linux-firmware-20191202-100.gite8a0f4c9.el8_2.noarch.rpm


The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
