rpm package
almalinux/linux-firmware-whence
pkg:rpm/almalinux/linux-firmware-whence
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-31356 | Med | 4.4 | < 20240905-143.3.el9_4 | 20240905-143.3.el9_4 | Aug 13, 2024 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. | |
| CVE-2023-20584 | — | < 20240905-143.3.el9_4 | 20240905-143.3.el9_4 | Aug 13, 2024 | IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. | ||
| CVE-2023-31346 | — | < 20240603-143.1.el9_4 | 20240603-143.1.el9_4 | Feb 13, 2024 | Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. | ||
| CVE-2022-38076 | — | < 20230814-140.el9_3 | 20230814-140.el9_3 | Aug 11, 2023 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2022-36351 | — | < 20230814-140.el9_3 | 20230814-140.el9_3 | Aug 11, 2023 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||
| CVE-2022-40964 | — | < 20230814-140.el9_3 | 20230814-140.el9_3 | Aug 11, 2023 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2022-46329 | — | < 20230814-140.el9_3 | 20230814-140.el9_3 | Aug 11, 2023 | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2022-27635 | — | < 20230814-140.el9_3 | 20230814-140.el9_3 | Aug 11, 2023 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2023-20569 | — | < 20230814-140.el9_3 | 20230814-140.el9_3 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-20593 | — | < 20230310-135.el9_2.alma.1 | 20230310-135.el9_2.alma.1 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. |
- affected < 20240905-143.3.el9_4fixed 20240905-143.3.el9_4
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
- CVE-2023-20584Aug 13, 2024affected < 20240905-143.3.el9_4fixed 20240905-143.3.el9_4
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
- CVE-2023-31346Feb 13, 2024affected < 20240603-143.1.el9_4fixed 20240603-143.1.el9_4
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
- CVE-2022-38076Aug 11, 2023affected < 20230814-140.el9_3fixed 20230814-140.el9_3
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-36351Aug 11, 2023affected < 20230814-140.el9_3fixed 20230814-140.el9_3
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- CVE-2022-40964Aug 11, 2023affected < 20230814-140.el9_3fixed 20230814-140.el9_3
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2022-46329Aug 11, 2023affected < 20230814-140.el9_3fixed 20230814-140.el9_3
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2022-27635Aug 11, 2023affected < 20230814-140.el9_3fixed 20230814-140.el9_3
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2023-20569Aug 8, 2023affected < 20230814-140.el9_3fixed 20230814-140.el9_3
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-20593Jul 24, 2023affected < 20230310-135.el9_2.alma.1fixed 20230310-135.el9_2.alma.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.