rpm package
almalinux/libertas-usb8388-firmware
pkg:rpm/almalinux/libertas-usb8388-firmware
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31356 | Med | 4.4 | < 2:20240827-124.git3cff7109.el8_10 | 2:20240827-124.git3cff7109.el8_10 | Aug 13, 2024 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. | |
| CVE-2023-20584 | — | < 2:20240827-124.git3cff7109.el8_10 | 2:20240827-124.git3cff7109.el8_10 | Aug 13, 2024 | IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | ||
| CVE-2023-31346 | — | < 2:20240610-122.git90df68d2.el8_10 | 2:20240610-122.git90df68d2.el8_10 | Feb 13, 2024 | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | ||
| CVE-2023-20592 | — | < 2:20240111-121.gitb3132c18.el8 | 2:20240111-121.gitb3132c18.el8 | Nov 14, 2023 | Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | ||
| CVE-2022-46329 | — | < 2:20240111-121.gitb3132c18.el8 | 2:20240111-121.gitb3132c18.el8 | Aug 11, 2023 | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2023-20569 | — | < 2:20230824-119.git0e048b06.el8_9 | 2:20230824-119.git0e048b06.el8_9 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-20593 | — | < 2:20230404-117.git2e92a49f.el8_8.alma.1 | 2:20230404-117.git2e92a49f.el8_8.alma.1 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. |
- affected < 2:20240827-124.git3cff7109.el8_10fixed 2:20240827-124.git3cff7109.el8_10
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
- CVE-2023-20584Aug 13, 2024affected < 2:20240827-124.git3cff7109.el8_10fixed 2:20240827-124.git3cff7109.el8_10
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
- CVE-2023-31346Feb 13, 2024affected < 2:20240610-122.git90df68d2.el8_10fixed 2:20240610-122.git90df68d2.el8_10
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
- CVE-2023-20592Nov 14, 2023affected < 2:20240111-121.gitb3132c18.el8fixed 2:20240111-121.gitb3132c18.el8
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
- CVE-2022-46329Aug 11, 2023affected < 2:20240111-121.gitb3132c18.el8fixed 2:20240111-121.gitb3132c18.el8
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-20569Aug 8, 2023affected < 2:20230824-119.git0e048b06.el8_9fixed 2:20230824-119.git0e048b06.el8_9
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-20593Jul 24, 2023affected < 2:20230404-117.git2e92a49f.el8_8.alma.1fixed 2:20230404-117.git2e92a49f.el8_8.alma.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.