rpm package
opensuse/kernel-firmware-atheros&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-firmware-atheros&distro=openSUSE%20Tumbleweed
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-20569 | — | < 20250206-1.1 | 20250206-1.1 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-20593 | — | < 20250206-1.1 | 20250206-1.1 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | ||
| CVE-2021-46744 | — | < 20250206-1.1 | 20250206-1.1 | May 11, 2022 | An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | ||
| CVE-2021-26348 | — | < 20250206-1.1 | 20250206-1.1 | May 11, 2022 | Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | ||
| CVE-2021-26364 | — | < 20250206-1.1 | 20250206-1.1 | May 11, 2022 | Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. | ||
| CVE-2021-26375 | — | < 20250206-1.1 | 20250206-1.1 | May 11, 2022 | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | ||
| CVE-2021-26339 | — | < 20250206-1.1 | 20250206-1.1 | May 11, 2022 | A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by | ||
| CVE-2021-33139 | — | < 20250206-1.1 | 20250206-1.1 | Feb 9, 2022 | Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. | ||
| CVE-2019-9836 | — | < 20250206-1.1 | 20250206-1.1 | Jun 25, 2019 | Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. | ||
| CVE-2017-5715 | — | < 20250206-1.1 | 20250206-1.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-13080 | Med | 5.3 | < 20250206-1.1 | 20250206-1.1 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
- CVE-2023-20569Aug 8, 2023affected < 20250206-1.1fixed 20250206-1.1
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-20593Jul 24, 2023affected < 20250206-1.1fixed 20250206-1.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
- CVE-2021-46744May 11, 2022affected < 20250206-1.1fixed 20250206-1.1
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.
- CVE-2021-26348May 11, 2022affected < 20250206-1.1fixed 20250206-1.1
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.
- CVE-2021-26364May 11, 2022affected < 20250206-1.1fixed 20250206-1.1
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.
- CVE-2021-26375May 11, 2022affected < 20250206-1.1fixed 20250206-1.1
Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.
- CVE-2021-26339May 11, 2022affected < 20250206-1.1fixed 20250206-1.1
A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by
- CVE-2021-33139Feb 9, 2022affected < 20250206-1.1fixed 20250206-1.1
Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.
- CVE-2019-9836Jun 25, 2019affected < 20250206-1.1fixed 20250206-1.1
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
- CVE-2017-5715Jan 4, 2018affected < 20250206-1.1fixed 20250206-1.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 20250206-1.1fixed 20250206-1.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.