09.07.2025., 08:56
|
#4295
|
Premium
Registration date: May 2006
Location: München/Varaždin
Posts: 4,795
|
Quote:
The Linux kernel mitigation for Transient Scheduler Attacks was just merged to Linux Git: "Add the mitigation logic for Transient Scheduler Attacks (TSA)
TSA are new aspeculative side channel attacks related to the execution timing of instructions under specific microarchitectural conditions. In some cases, an attacker may be able to use this timing information to infer data from other contexts, resulting in information leakage.
Add the usual controls of the mitigation and integrate it into the existing speculation bugs infrastructure in the kernel"
The new "MITIGATION_TSA" Kconfig option for Transient Scheduler Attacks mitigations adds: "Enable mitigation for Transient Scheduler Attacks. TSA is a hardware security vulnerability on AMD CPUs which can lead to forwarding of invalid info to subsequent instructions and thus can affect their timing and thereby cause a leakage."
|
> Phoronix
Quote:
Two local privilege vulnerabilities in the Sudo utility for Linux were recently discovered that could result in the escalation of privileges to root, which would let attackers fully take over an enterprise system.
Companies use the Sudo command-line tool on Linux systems to execute commands as the superuser. Sudo enforces the principle of least privilege, which lets users perform administrative tasks that require elevated permissions without sharing the root password.
In a June 30 Stratascale blog, the two bugs identified were CVE-2025-32462, which had a CVSS score of 2.8; and CVE-2025-32463, a critical bug that was assigned a CVSS of 9.3.
The vulnerabilities were patched in Sudo version 1.9.17p1 released late June, following responsible disclosure April 1. Advisories have also been issued by several Linux distributions, mainly because Sudo comes installed on many of them.
|
> scworld