all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks

Add to bookmarks
April 9, 2024, 2:44 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v2 branch history injection (BHI) are likely affected. An unauthenticated attacker can exploit this vulnerability to leak privileged memory from the CPU by speculatively jumping to a chosen gadget. Current research shows that existing mitigation techniques of disabling privileged eBPF and enabling (Fine)IBT are insufficient in stopping BHI exploitation against the kernel/hypervisor. …

architectures attacker attacks bhi can cpu exploit hardware history injection intel kernel leak linux linux kernel memory privilege privileged spectre speculative execution systems unauthenticated vulnerability vulnerable

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 1 day, 8 hours ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 2 days, 6 hours ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 2 weeks, 1 day ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 3 weeks ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 3 weeks, 1 day ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 4 weeks ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 1 week ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 2 weeks ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 3 weeks ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs