Ubuntu Security Notice USN-5091-1

Discussion in 'News Aggregator' started by Packet Storm, 29 Sep 2021.

  1. Packet Storm

    Packet Storm Guest

    Ubuntu Security Notice 5091-1 - Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF verifier in the Linux kernel missed possible mispredicted branches due to type confusion, allowing a side-channel attack. An attacker could use this to expose sensitive information. It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.

    Continue reading...

Share This Page