VYPR

rpm package

almalinux/linux-firmware

pkg:rpm/almalinux/linux-firmware

Vulnerabilities (11)

  • CVE-2023-31356MedAug 13, 2024
    affected < 20240827-124.git3cff7109.el8_10fixed 20240827-124.git3cff7109.el8_10

    Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

  • CVE-2023-20584Aug 13, 2024
    affected < 20240827-124.git3cff7109.el8_10fixed 20240827-124.git3cff7109.el8_10

    IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.

  • CVE-2023-31346Feb 13, 2024
    affected < 20240610-122.git90df68d2.el8_10fixed 20240610-122.git90df68d2.el8_10

    Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

  • CVE-2023-20592Nov 14, 2023
    affected < 20240111-121.gitb3132c18.el8fixed 20240111-121.gitb3132c18.el8

    Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

  • CVE-2022-38076Aug 11, 2023
    affected < 20230814-140.el9_3fixed 20230814-140.el9_3

    Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2022-36351Aug 11, 2023
    affected < 20230814-140.el9_3fixed 20230814-140.el9_3

    Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2022-40964Aug 11, 2023
    affected < 20230814-140.el9_3fixed 20230814-140.el9_3

    Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2022-46329Aug 11, 2023
    affected < 20230814-140.el9_3fixed 20230814-140.el9_3

    Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2022-27635Aug 11, 2023
    affected < 20230814-140.el9_3fixed 20230814-140.el9_3

    Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2023-20569Aug 8, 2023
    affected < 20230814-140.el9_3fixed 20230814-140.el9_3

    A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

  • CVE-2023-20593Jul 24, 2023
    affected < 20230310-135.el9_2.alma.1fixed 20230310-135.el9_2.alma.1

    An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.