Clorox, the household cleaning product manufacturer, has admitted that its financial results for the first quarter could see a “material impact” after hackers attacked its systems.
Read more in my article on the Hot for Security blog.
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).
Multiple security issues were discovered in Netatalk, an implementation
of the Apple Filing Protocol (AFP) for offering file service (mainly) to
macOS clients, which may result in the execution of arbitrary code or
information disclosure.
Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Every quarter, the Expel security operations centre (SOC) publishes its Quarterly Threat Report (QTR) to distill all the trends, notable new behaviours, and unusual attacks it saw in the previous quarter. By sharing … Continue reading “The Expel Quarterly Threat Report distills the threats and trends the Expel SOC saw in Q2. Download it now.”
linux-firmware-20230919-1.fc39
Update to upstream 20230919 release:
amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0
linux-firmware-20230919-1.fc38
Update to upstream 20230919 release:
amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0
linux-firmware-20230919-1.fc37
Update to upstream 20230919 release:
amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0
Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)
Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)
It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)
It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
It was discovered that the JFS file system implementation in the Linux
kernel did not properly validate memory allocations in certain situations,
leading to a null pointer dereference vulnerability. An attacker could use
this to construct a malicious JFS image that, when mounted, could cause a
denial of service (system crash). (CVE-2023-4385)
It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel contained a use-after-free vulnerability in certain situations. A
local attacker in a guest VM could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4387)
It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel did not properly handle errors in certain situations, leading to a
null pointer dereference vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash). (CVE-2023-4459)
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)
It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)
It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)
