Azure Machine Learning Compute Instance Information Disclosure Vulnerability

...

Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...

USN-5835-5: Nova vulnerability

USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker cou...

Debian: Security Advisory (DSA-5337-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

How to Restrict Which Azure Subscriptions Are Accessible to an Azure Compute Account

Purpose This article documents how to restrict which subscriptions will be accessible to an Azure Compute account used by Veeam Backup & Replication. Use Case By default, IAM roles are assigned to a newly created Microsoft Entra ID application on all subscriptions visible to the Microsoft Entra I...

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. Mitigation Please contact AMD for more updates on this flaw...

ALPINE-CVE-2022-41859

In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

PT-2023-33456 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue is related to a double release compute pasid in the drm/amdkfd component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

Authorization

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

Design/Logic Flaw

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

CVE-2022-23814

Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment...

CVE-2022-23814

CVE-2022-23814 describes a failure to validate addresses provided by software to BIOS commands, which may cause loss of integrity of guest memory in confidential compute environments. The vulnerability is tied to AMD platform components (SBIOS/ASP/SMU/ BIOS mailbox handling) and is documented und...

CVE-2022-23813

The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment...

CVE-2022-23813

CVE-2022-23813 involves AMD ASP/SMU where the interface between ASP and SMU may fail to enforce SNP memory security policy, risking loss of integrity of SNP-protected guest memory in confidential Compute (AMD EPYC). Affected: ASP/SMU components across generations; Root cause: inadequate enforceme...

AMD Server Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...