linux-firmware-20230919-1.fc38

September 19, 2023

Read Time:1 Minute, 9 Second

FEDORA-2023-4056a5c165

Packages in this update:

linux-firmware-20230919-1.fc38

Update description:

Update to upstream 20230919 release:

amd-ucode: Add note on fam19h warnings
i915: update MTL HuC to version 8.5.4
amdgpu: update DMCUB to 0.0.183.0 for various AMDGPU ASICs
qcom: add link to sc8280xp audioreach firmware
qcom: sm8250: add RB5 sensors DSP firmware
qcom: Update vpu-1.0 firmware
qcom: sm8250: update DSP firmware
qcom: add firmware for the onboard WiFi on qcm2290 / qrb4210
qcom: add venus firmware files for v6.0
qcom: add firmware for QRB4210 platforms
qcom: add firmware for QCM2290 platforms
qcom: add GPU firmware for QCM2290 / QRB2210
ath10k/WCN3990: move wlanmdsp to qcom/sdm845
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00605
Fix carl9170fw shell scripts for shellcheck errors
i915: Update MTL DMC to v2.16
Update firmware file for Intel Bluetooth AX200/AX201/AX203/AX210/AX211
Update firmware for qat_4xxx devices
Update AMD SEV firmware
rtw89: 8852b: update fw to v0.29.29.3
rtw89: 8851b: update fw to v0.29.41.2
i915: add GSC 102.0.0.1655 for MTL
cirrus: Add CS35L41 firmware for HP G11 models
Update AMD cpu microcode
rtl_bt: Add firmware v2 file for RTL8852C
Revert “rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225”
cxgb4: Update firmware to revision 1.27.4.0

Advisories

linux-firmware-20230919-1.fc37

September 19, 2023

Read Time:1 Minute, 9 Second

FEDORA-2023-defb0a89ff

Packages in this update:

linux-firmware-20230919-1.fc37

Update description:

Update to upstream 20230919 release:

Advisories

USN-6388-1: Linux kernel vulnerabilities

September 19, 2023

Read Time:2 Minute, 7 Second

Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

It was discovered that the NET/ROM protocol implementation in the Linux
kernel contained a race condition in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32269)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

It was discovered that the JFS file system implementation in the Linux
kernel did not properly validate memory allocations in certain situations,
leading to a null pointer dereference vulnerability. An attacker could use
this to construct a malicious JFS image that, when mounted, could cause a
denial of service (system crash). (CVE-2023-4385)

It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel contained a use-after-free vulnerability in certain situations. A
local attacker in a guest VM could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4387)

It was discovered that the VMware VMXNET3 ethernet driver in the Linux
kernel did not properly handle errors in certain situations, leading to a
null pointer dereference vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash). (CVE-2023-4459)

Advisories

USN-6387-1: Linux kernel vulnerabilities

September 19, 2023

Read Time:38 Second

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

Advisories

USN-6386-1: Linux kernel vulnerabilities

September 19, 2023

Read Time:49 Second

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)

News

Yikes! My sex video has been uploaded to YouPorn, apparently

September 19, 2023

Read Time:9 Second

Apparently YouPorn’s AI algorithm has detected me in an uploaded sex video.

All I have to do is pay hundreds of dollars worth of Bitcoin to prevent it from being published.

News

#mWISE: Chinese Cyber Power Bigger Than the Rest of the World Combined

September 19, 2023

Read Time:7 Second

China is rising as a cyber superpower, sponsoring not just ever more highly sophisticated espionage campaigns, but also venturing into cybercrime and disinformation