There are 5 open security issues in bookworm.
5 issues left for the package maintainer to handle:
- CVE-2024-2193:
(postponed; to be fixed through a stable update)
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
- CVE-2024-2201:
(postponed; to be fixed through a stable update)
- CVE-2023-46841:
(postponed; to be fixed through a stable update)
Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this is Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so-called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular, certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves a kind of replaying of the instruction. Such replaying typically involves filling and then invoking a stub. Such a replayed instruction may raise an exception, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: recovery involves removal of a call frame from the (traditional) stack, but the counterpart of this operation for the shadow stack was missing.
- CVE-2023-46842:
(postponed; to be fixed through a stable update)
- CVE-2024-31142:
(postponed; to be fixed through a stable update)
You can find information about how to handle these issues in the security team's documentation.
1 issue that should be fixed with the next stable update:
- CVE-2023-28746:
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.