- Re: Data operand dependent timing on Intel and Arm CPUson January 27, 2023 at 9:49 am
Posted by Eric Biggers on Jan 27Sure. To be clear, I don’t have specific knowledge of how particular instructions behave on particular CPUs. Research into the real-world behavior is absolutely needed. I’m just going off what the Intel […]
- Linux Kernel: hid: Use-After-Free in bigben_set_led()on January 25, 2023 at 11:22 pm
Posted by Pietro Borrello on Jan 25Hi all, I’m disclosing a Use After Free that may be triggered when plugging in a malicious USB device, which advertises itself as a bigben device. The device uses a worker `bigben_worker` scheduled by […]
- Re: Data operand dependent timing on Intel and Arm CPUson January 25, 2023 at 9:47 pm
Posted by Solar Designer on Jan 25Hi Eric, Thank you for bringing this up in here. There was also a brief Twitter thread on it in August 2022, started by Adam Langley:https://twitter.com/agl__/status/1561374334714671104 In it Adam Langley, wrote: My […]
- Data operand dependent timing on Intel and Arm CPUson January 25, 2023 at 7:53 pm
Posted by Eric Biggers on Jan 25Hi, I’d like to draw people’s attention to the fact that on recent Intel and Arm CPUs, by default the execution time of instructions may depend on the data values operated on. This even includes instructions like […]
- ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924)on January 25, 2023 at 5:19 pm
Posted by Michał Kępień on Jan 25On 25 January 2023 we (Internet Systems Consortium) disclosed three vulnerabilities affecting our BIND 9 software: – CVE-2022-3094: An UPDATE message flood may cause named to exhaust all available memory […]
- Xen Security Advisory 425 v1 (CVE-2022-42330) – Guests can cause Xenstore crash via soft reseton January 25, 2023 at 2:58 pm
Posted by Xen . org security team on Jan 25 Xen Security Advisory CVE-2022-42330 / XSA-425 Guests can cause Xenstore crash via soft reset ISSUE DESCRIPTION ================= When a guest issues a “Soft Reset” (e.g. for […]
VulDB Updates Updates
- CVE-2022-47662 | GPAC 2.1-DEV-rev649-ga8f438d20 MP4Box isomedia/media.c Media_GetSample recursion (ID 2359)by vuldb.com on January 29, 2023 at 5:58 am
A vulnerability has been found in GPAC 2.1-DEV-rev649-ga8f438d20 and classified as problematic. Affected by this vulnerability is the function Media_GetSample of the file isomedia/media.c of the component MP4Box. The manipulation leads to uncontrolled recursion. This vulnerability is known as […]
- CVE-2022-47661 | GPAC 2.1-DEV-rev649-ga8f438d20 MP4Box media_tools/av_parsers.c gf_media_nalu_add_emulation_bytes buffer overflow (ID 2358)by vuldb.com on January 29, 2023 at 5:43 am
A vulnerability, which was classified as critical, was found in GPAC 2.1-DEV-rev649-ga8f438d20. Affected is the function gf_media_nalu_add_emulation_bytes of the file media_tools/av_parsers.c of the component MP4Box. The manipulation leads to buffer overflow. This vulnerability is traded as […]
- CVE-2022-47660 | GPAC 2.1-DEV-rev644-g5c4df2a67 MP4Box isomedia/isom_write.c integer overflow (ID 2357)by vuldb.com on January 29, 2023 at 5:34 am
A vulnerability, which was classified as critical, has been found in GPAC 2.1-DEV-rev644-g5c4df2a67. This issue affects some unknown processing of the file isomedia/isom_write.c of the component MP4Box. The manipulation leads to integer overflow. The identification of this vulnerability is […]
- CVE-2022-47659 | GPAC 2.1-DEV-rev644-g5c4df2a67 MP4box gf_bs_read_data buffer overflow (ID 2354)by vuldb.com on January 29, 2023 at 5:23 am
A vulnerability classified as critical was found in GPAC 2.1-DEV-rev644-g5c4df2a67. This vulnerability affects the function gf_bs_read_data of the component MP4box. The manipulation leads to buffer overflow. This vulnerability was named CVE-2022-47659. The attack can be initiated remotely. There […]
- CVE-2022-33323 | Mitsubishi Electric MELFA SD-SQ/MELFA F debug code (icsa-23-026-05)by vuldb.com on January 28, 2023 at 10:37 pm
A vulnerability classified as critical was found in Mitsubishi Electric MELFA SD-SQ and MELFA F. This vulnerability affects unknown code. The manipulation leads to active debug code. This vulnerability was named CVE-2022-33323. The attack can be initiated remotely. There is no exploit […]
- CVE-2022-47658 | GPAC 2.1-DEV-rev644-g5c4df2a67 MP4Box media_tools/av_parsers.c gf_hevc_read_vps_bs_internal buffer overflow (ID 2356)by vuldb.com on January 28, 2023 at 7:46 pm
A vulnerability classified as critical has been found in GPAC 2.1-DEV-rev644-g5c4df2a67. This affects the function gf_hevc_read_vps_bs_internal of the file media_tools/av_parsers.c of the component MP4Box. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as […]
- CVE-2022-47656 | GPAC 2.1-DEV-rev617-g85ce76efd MP4box media_tools/av_parsers.c gf_hevc_read_sps_bs_internal buffer overflow (ID 2353)by vuldb.com on January 28, 2023 at 7:38 pm
A vulnerability was found in GPAC 2.1-DEV-rev617-g85ce76efd. It has been declared as critical. Affected by this vulnerability is the function gf_hevc_read_sps_bs_internal of the file media_tools/av_parsers.c of the component MP4box. The manipulation leads to buffer overflow. This vulnerability […]