Cisco recently patched a zero-day vulnerability that was exploited by a nation-state threat group known as Velvet Ant, believed to be linked to China. The vulnerability, tracked as CVE-2024-20399, allows an authenticated, local attacker to execute arbitrary commands as root on affected devices running Cisco’s NX-OS software. This vulnerability, known as a command injection vulnerability, … Read more
Intel engineers have been busy working on Linux support for the upcoming Lunar Lake processors. While most core functionality seems to be in good shape, there are some issues related to enabling Xe2 graphics and power management that are still being worked on. Recent patches have been released to enable features such as Digital Linear … Read more
Intel’s support for the upcoming Moon Lake processors may not be completely finished, as patches enabling DLVR (Digital Linear Voltage Regulator) support for these mobile SoCs have been released. This feature is present in Meteor Lake as an additional voltage regulator to help reduce power consumption. The latest patch series for the Linux kernel extends … Read more
May 14, 2024NewsroomBluetooth / Vulnerability Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version … Read more
VMware has patched three vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. Source link
VMware has released fixes for several flaws that together could allow attackers to execute malicious code on the host system from inside a virtual machine, bypassing the critical isolation layer. Some of the flaws are in the virtualized USB controllers, so they impact most VMware hypervisors: VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud … Read more
VMware on March 5 issued patches for a pair of flaws they rated as “critical” and in the “important” severity range for VMware ESXi, Workstation, and Fusion. VMware explained in an advisory to its customers that ESXi, Workstation, and Fusion contain a “use-after-free” vulnerability in the XHCI USB controller filed with NIST as CVE-2024-22252. VMware … Read more
Getty Images VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities—two carrying severity ratings of 9.3 out of a possible 10—are serious … Read more
Mar 06, 2024NewsroomSoftware Security / Vulnerability VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution. Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 … Read more
The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host. Source link