Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: perl538Packages.PPIxQuoteLike

Found 5 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2023-20587
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 11 months, 1 week ago
Improper Access Control in System Management Mode (SMM) may allow …

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

Affected products

PI
  • ==various
  • ==various
AMD EPYC(TM) Embedded 7003
  • ==various
AMD EPYC(TM) Embedded 9003
  • ==various
AMD EPYC(TM) Embedded 3000
  • ==various
AMD EPYC(TM) Embedded 7002
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

Untriaged
Permalink CVE-2023-31346
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year ago
Failure to initialize memory in SEV Firmware may allow a …

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

Untriaged
Permalink CVE-2023-20578
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 year ago
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with …

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected products

PI
  • ==NaplesPI 1.0.0.K
epyc_7001
  • ==1.0.0.k
epyc_7002
  • ==1.0.0.g
epyc_9004
  • ==1.0.0.2
epyc_embedded_3000
  • ==1.1.0.a
epyc_embedded_7002
  • ==1.0.0.a
epyc_embedded_7003
  • ==1.0.0.7
epyc_embedded_9003
  • ==1.0.0.0
ryzen_embedded_7000
  • ==1.0.0.0
ryzen_embedded_v3000
  • ==1.0.0.8
AMD EPYC™ Embedded 3000
  • ==SnowyOwl PI 1.1.0.A
AMD EPYC™ Embedded 7002
  • ==EmbRomePI-SP3 1.0.0.A
AMD EPYC™ Embedded 7003
  • ==EmbMilanPI-SP3 1.0.0.7
AMD EPYC™ Embedded 9003
  • ==EmbGenoaPI-SP5 1.0.0.0
AMD RyzenTM Embedded V3000
  • ==EmbeddedPI-FP7r2 1.0.0.8
AMD Ryzen™ Embedded 7000
  • ==EmbeddedAM5PI 1.0.0.0
AMD EPYC™ 7002 Processors
  • ==RomePI 1.0.0.G
AMD EPYC™ 7003 Processors
  • ==MilanPI 1.0.0.B
AMD EPYC™ 9004 Processors
  • ==GenoaPI 1.0.0.2
AMD Ryzen™ 7000 Series Desktop Processors
  • ==ComboAM5 1.0.0.1
AMD Ryzen™ Threadripper™ PRO 5000WX Processors
  • ==ChagallWSPI-sWRX8 1.0.0.7
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
  • ==RembrandtPI-FP7 1.0.0.9b
AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
  • ==MendocinoPI-FT6 1.0.0.0
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
  • ==RembrandtPI-FP7 1.0.0.9b

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

Untriaged
Permalink CVE-2023-31347
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 year ago
Due to a code bug in Secure_TSC, SEV firmware may …

Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  

Affected products

PI
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

Untriaged
Permalink CVE-2023-20579
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 year, 1 month ago
Improper Access Control in the AMD SPI protection feature may …

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Affected products

PI
  • ==Various
  • ==various
  • ==various
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
  • ==various
AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics
  • ==various
AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
  • ==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go