Debian 10 Buster DLA-3525-1 Critical: Gather Data Sampling & INCEPTION
debian lts
August 11, 2023
CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative
Topics Covered
Summary
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
vulnerability for Intel CPUs which allows unprivileged speculative
access to data which was previously stored in vector registers.
This mitigation requires updated CPU microcode provided in the
intel-microcode package.
For details please refer to
CVE-2023-20569
Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered
INCEPTION, also known as Speculative Return Stack Overflow (SRSO),
a transient execution attack that leaks arbitrary data on all AMD
Zen CPUs. An attacker can mis-train the CPU BTB to predict non-
architectural CALL instructions in kernel space and use this to
control the speculative target of a subsequent kernel RET,
potentially leading to information disclosure via a speculative
side-channel.
For details please refer to
For Debian 10 buster, these problems have been fixed in version
5.10.179-5~deb10u1.
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: linux-5.10
Version: 5.10.179-5~deb10u1
CVE ID: CVE-2022-40982 CVE-2023-20569
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!