Stay Secure with the Latest Linux Advisories

security advisoryDebiancritical update

Debian DSA-5475-1 Critical: Intel GDS and AMD SRSO Issues

CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5475-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2022-40982 CVE-2023-20569 CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers. This mitigation requires updated CPU microcode provided in the intel-microcode package. For details please refer to and . CVE-2023-20569 Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non- architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel. For details please refer to and . For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.179-5. For the stable distribution (bookworm), these problems have been fixed in version 6.1.38-4. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently askedquestions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu Security Notice USN-5267-1 addresses essential patches to safeguard against Intel and AMD processor weaknesses.. Debian Security Advisory,Intel Vulnerability,AMD Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Aug 11, 2023 •Critical Debian