Vulnerabilities in hardware are hard to ignore: they sit beneath the operating system, and they follow the affected processors into every system built on them. Serious flaws have recently been disclosed in both Intel and AMD CPUs. Known as Downfall (CVE-2022-40982, Intel) and Inception (CVE-2023-20569, AMD), these bugs have already gained a reputation for the impact they can have on the confidentiality of your sensitive data, so don’t get caught off guard. Is your processor on the list?

We also have other significant discoveries and fixes for you, including mitigations for a critical OpenSSH remote code execution bug (CVE-2023-38408) in ssh-agent’s PKCS#11 support, reachable through a forwarded agent socket, as well as fixes for two remotely exploitable denial-of-service vulnerabilities in the Poppler PDF rendering library. It’s essential that you stay up to date on these issues to protect your systems from harm.

Found this newsletter helpful? Please pay it forward and share it with a fellow security geek! We also welcome feedback on how we could improve our newsletters. If you have any comments or thoughts, please share them with us.

Yours in Open Source,

Brittany

Microcode

The Discovery 

Distros continue to release microcode and kernel updates for two major CPU security issues disclosed recently. Downfall (CVE-2022-40982), which Intel calls Gather Data Sampling, is an information disclosure bug in many Intel processors: data left behind in the vector registers used by the AVX gather instructions can be read by code that should never see it. Inception (CVE-2023-20569), which AMD calls Speculative Return Stack Overflow, is a side-channel vulnerability in some AMD CPUs that may allow an attacker to influence return address prediction, potentially resulting in speculative execution at an attacker-controlled address.


The Impact

Both bugs could result in the disclosure of sensitive information (passwords, encryption keys, memory of other processes) to a local attacker. Because the leak happens in hardware, process, container and VM boundaries do not contain it, which is why cloud and multi-tenant hosts are the most exposed. Neither bug lets an attacker modify data directly.

The Fix

Microcode and kernel updates that mitigate both flaws have been released. On most distros the microcode arrives through the intel-microcode, amd64-microcode or linux-firmware packages, and the kernel side through a regular kernel update. Apply both and reboot: the mitigation only takes effect once the new microcode is loaded, and you need the updated kernel running to see the mitigation reported under /sys/devices/system/cpu/vulnerabilities/. Expect a performance cost on workloads that lean on the AVX gather instructions; the kernel’s gather_data_sampling= and spec_rstack_overflow= boot parameters let you tune or disable the mitigations if you must trade that off. We urge all impacted users to apply these updates promptly to protect the confidentiality of their sensitive data.
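One quick post-update check, added here as an example (it is not from the newsletter, Intel or AMD): read the kernel’s own mitigation status for both bugs from sysfs and print the loaded microcode revision. The file names gather_data_sampling and spec_rstack_overflow are the real ones exposed by kernels carrying the mitigations (6.5 and distro backports); the VULN_DIR and CPUINFO overrides are an assumption of this script so it can be pointed at files captured from another host, and the sample strings in the comments are constructed.

```sh
#!/bin/sh
# Added example: summarise the kernel's view of the Downfall (GDS) and
# Inception (SRSO) mitigations. Not part of the newsletter; sysfs file
# names are real, VULN_DIR/CPUINFO overrides are this script's own.

VULN_DIR=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}
CPUINFO=${CPUINFO:-/proc/cpuinfo}

# classify_status "<one line from a vulnerabilities/* file>"
# Prints mitigated, vulnerable or unknown, using the kernel's own wording:
# "Not affected" / "Mitigation: ..." are fine, anything starting with
# "Vulnerable" (e.g. "Vulnerable: No microcode") is not, and the rest
# (e.g. "Unknown: Dependent on hypervisor status") is unknown.
classify_status() {
  case "$1" in
    "Not affected"*|"Mitigation:"*) echo mitigated ;;
    "Vulnerable"*)                  echo vulnerable ;;
    *)                              echo unknown ;;
  esac
}

# read_status <file name under VULN_DIR>
# A kernel without the mitigation code never creates the file, which is
# itself a finding: report it as unknown rather than silently passing.
read_status() {
  f="$VULN_DIR/$1"
  if [ -r "$f" ]; then
    classify_status "$(cat "$f")"
  else
    echo unknown
  fi
}

# microcode_revision [cpuinfo file]
# Prints the "microcode" field of the first CPU, e.g. 0xd000390 (constructed
# value). Compare it with the revision listed in the vendor's release notes.
microcode_revision() {
  awk -F: '/^microcode/ { gsub(/[ \t]/, "", $2); print $2; exit }' "${1:-$CPUINFO}"
}

# report: one line per issue plus the microcode revision; returns 1 if
# anything is still reported vulnerable so it can gate a fleet-wide check.
report() {
  rc=0
  for entry in "gather_data_sampling Downfall" "spec_rstack_overflow Inception"; do
    set -- $entry
    status=$(read_status "$1")
    printf '%-10s %-22s %s\n' "$2" "$1" "$status"
    if [ "$status" = vulnerable ]; then rc=1; fi
  done
  printf 'microcode revision: %s\n' "$(microcode_revision)"
  return $rc
}

report
```

Run it after the reboot; a status of "unknown" for a file that does not exist means the running kernel has no knowledge of the mitigation at all, which usually means the kernel update has not been applied or booted yet.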


OpenSSH

The Discovery 

Distros also continue to release fixes for a critical remote code execution (RCE) vulnerability recently found in OpenSSH (CVE-2023-38408). The bug lives in ssh-agent’s PKCS#11 support: when a user forwards their agent to a host the attacker controls, the attacker can make the user’s ssh-agent load specific shared libraries that already exist on the user’s machine, and chain their side effects into code execution there. It has received a National Vulnerability Database base score of 9.8 (“Critical” severity). Keep the preconditions in mind when triaging: the victim must forward their agent to an attacker-controlled or compromised host, and suitable libraries must be installed on the victim’s system.


The Impact

This severe bug leads to remote code execution on the machine that forwarded its agent (the SSH client, not the server), running as the user who owns the agent, potentially resulting in malware execution or an attacker gaining complete control over that account, its keys and everything the agent can sign for.

The Fix

OpenSSH 9.3p2 fixes this flaw, and distros have shipped backported patches for the versions they support. It is essential that all impacted users upgrade now. Until you have, reduce exposure by keeping agent forwarding off (ForwardAgent no in ssh_config, and no ssh -A) except to hosts you fully trust, or by starting ssh-agent with -P to restrict the paths from which it will load PKCS#11 provider libraries.
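A first-pass client-side audit for this issue, added here as an example (it is not from the newsletter or the OpenSSH project): it parses the version string that ssh -V prints and flags anything older than 9.3p2, and it looks for ForwardAgent yes in the client configs, since the bug is only reachable through a forwarded agent. The version threshold is the upstream fix release; distributions backport fixes without bumping the version, so treat a version warning as a prompt to read the distro advisory, not as proof of exposure. The sample version strings in the comments are constructed.

```sh
#!/bin/sh
# Added example, not from the newsletter or OpenSSH: first-pass audit for
# CVE-2023-38408 exposure on an SSH client host.

# openssh_version_fixed "<output of ssh -V>"
# Returns 0 when the version is 9.3p2 or newer, 1 when older, 2 when the
# string cannot be parsed. Handles "OpenSSH_9.3p1, OpenSSL ..." as well as
# portable-less strings such as "OpenSSH_9.4, LibreSSL ..." (constructed).
openssh_version_fixed() {
  fields=$(printf '%s\n' "$1" |
    sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\{0,1\}\([0-9]*\).*$/\1 \2 \3/p')
  [ -n "$fields" ] || return 2
  set -- $fields
  major=$1; minor=$2; patch=${3:-0}
  if [ "$major" -ne 9 ]; then
    [ "$major" -gt 9 ]; return
  fi
  if [ "$minor" -ne 3 ]; then
    [ "$minor" -gt 3 ]; return
  fi
  [ "$patch" -ge 2 ]
}

# agent_forwarding_enabled <ssh_config file>
# Returns 0 if an uncommented "ForwardAgent yes" line is present. It does
# not distinguish a global setting from a Host block, so a hit means
# "go and read that file", not "every connection forwards the agent".
agent_forwarding_enabled() {
  grep -iq '^[[:space:]]*ForwardAgent[[:space:]][[:space:]]*yes[[:space:]]*$' "$1"
}

# audit: run both checks against the live system and print findings.
# ssh -V writes to stderr, hence the redirection.
audit() {
  ver=$(ssh -V 2>&1)
  rc=0
  openssh_version_fixed "$ver" || rc=$?
  case $rc in
    0) echo "ok: $ver (9.3p2 or newer)" ;;
    2) echo "?: could not parse '$ver'" ;;
    *) echo "WARN: $ver predates 9.3p2; check the distro advisory for a backported fix" ;;
  esac
  for cfg in /etc/ssh/ssh_config "$HOME/.ssh/config"; do
    [ -r "$cfg" ] || continue
    if agent_forwarding_enabled "$cfg"; then
      echo "WARN: $cfg enables ForwardAgent; disable it or limit it to trusted hosts"
    fi
  done
}

audit
```

Where forwarding is genuinely needed, confine it to a Host block for the trusted destination and consider running the agent with ssh-agent -P so only the provider libraries you actually use can be loaded.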


Poppler

The Discovery 

Two remotely exploitable security flaws involving incorrect handling of certain malformed PDF files were discovered in the Poppler PDF rendering library. “Remotely exploitable” here means the trigger is an attacker-supplied PDF: an email attachment, a download, or a file submitted to a server-side converter.


The Impact

These vulnerabilities could crash whichever application renders the file, a denial of service (DoS). Because Poppler is a shared library, the exposed programs include desktop viewers such as Evince and Okular, command-line tools such as pdftotext and pdfinfo, and any server pipeline built on them.

The Fix

Updates for Poppler that fix these issues are now available. We strongly recommend that all impacted users apply them as soon as possible and restart any long-running processes that have the library loaded, since a patched library on disk does not help a process still running the old copy.
