All advisories which are disclosed publicly by EGI Software Vulnerability Group (SVG) are placed on this site.
All advisories which are disclosed publicly by SVG are subject to the Creative commons licence CC-BY 4.0. including crediting the EGI SVG.
A guide to the risk categories is available at Notes On Risk.
SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities.
| Date | Title | Contents/Link | CVE(s) (if applicable) |
|---|---|---|---|
| 2024-03-06 Updated 2024-04-19 | HIGH risk Linux Kernel vulnerabilities (RHEL9) [EGI-SVG-2024-06] | Advisory-EGI-SVG-2024-06 | CVE-2023-6817 + more |
| 2024-03-06 Updated 2024-04-10 | HIGH risk Linux Kernel vulnerabilities [EGI-SVG-2024-05] | Advisory-EGI-SVG-2024-05 | CVE-2023-4623 + more |
| 2024-03-05 Updated 2024-04-10 | HIGH risk vulnerability in Lustre [EGI-SVG-2024-04] | Advisory-EGI-SVG-2024-04 | CVE-2023-51786 |
| 2024-04-03 Updated 2024-04-10 | CRITICAL risk vulnerability in xz data compression tools [EGI-SVG-2024-07] | Advisory-EGI-SVG-2024-07 | CVE-2024-3094 |
| 2024-02-12 Updated 2024-03-15 | HIGH risk vulnerability in runc affecting containers [EGI-SVG-2024-03] | Advisory-EGI-SVG-2024-03 | CVE-2024-21626 |
| 2024-01-30 Updated 2024-03-15 | HIGH risk array indexing vulnerability in netfilter [EGI-SVG-2023-54] | Advisory-EGI-SVG-2023-54 | CVE-2023-42753 |
| 2024-01-18 Updated 2024-02-20 | HIGH risk Linux privilege escalation Vulnerabilities [EGI-SVG-2024-01] | Advisory-EGI-SVG-2024-01 | CVE-2023-4206 + 2 more |
| 2023-12-14 Updated 2024-02-20 | CRITICAL risk Multiple SLURM Vulnerabilities [EGI-SVG-2023-59] | Advisory-EGI-SVG-2023-59 | CVE-2023-49934 + 5 more |
| 2023-09-25 Updated 2024-02-20 | CRITICAL risk PMIX race condition vulnerability [EGI-SVG-2023-51] | Advisory-EGI-SVG-2023-51 | CVE-2023-41915 |
| 2023-08-23 Updated 2024-02-19 | HIGH risk AMD CPU Processor Vulnerability [EGI-SVG-CVE-2023-20569] | Advisory-SVG-CVE-2023-20569 | CVE-2023-20569 |
| 2023-08-16 Updated 2023-10-19, 2024-02-19 | HIGH risk Intel Downfall Vulnerability [EGI-SVG-CVE-2022-40982] | Advisory-SVG-CVE-2022-40982 | CVE-2022-40982 |
| 2023-07-26 Updated 2023-08-15, 2023-09-21, 2023-09-22, 2024-02-16 | ALERT Zenbleed speculative execution vulnerability [EGI-SVG-CVE-2023-20593] | Advisory-SVG-CVE-2023-20593 | CVE-2023-20593 |
| 2023-11-21 | Intel processor vulnerability [EGI-SVG-2023-58] | Advisory-EGI-SVG-2023-58 | CVE-2023-23583 |
| 2023-10-16 Updated 2023-11-14 | HIGH risk Slurm race condition vulnerability [EGI-SVG-2023-57] | Advisory-EGI-SVG-2023-57 | CVE-2023-41914 |
| 2023-10-06 Updated 2023-11-14 | HIGH Risk glibc vulnerability [EGI-SVG-2023-55] | Advisory-EGI-SVG-2023-55 | CVE-2023-4911 |
| 2023-09-21 Updated 2023-11-14 | HIGH Risk INDIGO-IAM Vulnerability [EGI-SVG-2023-53] | Advisory-EGI-SVG-2023-53 | N/A |
| 2023-09-21 Updated 2023-10-19, 2023-10-24 | HIGH Risk Linux kernel vulnerabilities [EGI-SVG-2023-52] | Advisory-EGI-SVG-2023-52 | CVE-2023-3610 +9 more |
EGI SVG produces advisories according to the SEC02 EGI Software Vulnerability Issue Handling.
Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC services.
In the past (up to the end of 2015) CSIRT also issued general alerts at EGI CSIRT Alerts and EGI SVG advisories primarily concerned gLite Middleware.