PT-2026-40388
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in the AMD Secure Processor (ASP) and loss of the SEV-SNP guest's confidentiality and integrity...
Contrast BadAML injection allows arbitrary code execution
BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024. Impact: An attacker with control over the host, which is assumed in the attacker model of Contrast, can execute malicious AM...
dcap-qvl data falsification vulnerability
dcap-qvl is an open-source confidential computing development library by Phala. Versions of dcap-qvl prior to 0.3.9 contained a data falsification vulnerability. This vulnerability stemmed from critical flaws in the encryption verification process, which could allow attackers to forge QE identity...
Confidential Computing for Cloud Security: Exploring Hardware Based Encryption Using Trusted Execution Environments
The growth of cloud computing has revolutionized data processing and storage capacities to new levels of scalability and flexibility. But in the process, it has created a major security challenge, especially in terms of safeguarding sensitive data. Classical security practices, including...
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves
A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor, including Intel's Software Guard eXtension...
GHSA-HQ76-6GH2-5G4Q Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
Summary: A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...
SUSE-SU-2025:03602-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint (bsc#1249526). - CVE-2025-39773: net: bridge: fix soft lockup in...
EUVD-2022-31422
Malicious code in bioql PyPI...
[SECURITY] Fedora 42 Update: trustee-guest-components-0.13.0-3.fc42
Running in a confidential VM, gather confidential-computing evidence, send it to Trustee and get secrets. A part of the confidential-containers project...
SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02923-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02923-1 advisory. The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2019-11135: TSX Asynchronous Abort condition (bsc#1139073). CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL...
SUSE-SU-2025:02923-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: TSX Asynchronous Abort condition (bsc#1139073). - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL...
Rethinking HSM and TPM Security in the Cloud: Real-World Attacks and Next-Gen Defenses
As organizations rapidly migrate to the cloud, the security of cryptographic key management has become a growing concern. Hardware Security Modules (HSMs) and Trusted Platform Modules (TPMs), traditionally seen as the gold standard for securing encryption keys and digital trust, are increasingly...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). CVE-2024-28956: x86/ibt: Keep IBT disabled during...
NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA
Arm Confidential Computing Architecture (CCA) currently isolates at the granularity of an entire Confidential Virtual Machine (CVM), leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...
OpenCCA: an Open Framework to Enable Arm CCA Research
Confidential computing has gained traction across major architectures with Intel TDX, AMD SEV-SNP, and Arm CCA. Unlike TDX and SEV-SNP, a key challenge in researching Arm CCA is the absence of hardware support, forcing researchers to develop ad-hoc performance prototypes on non-CCA Arm boards. Th...
CVE-2023-38022
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser...
ACE: Confidential Computing for Embedded RISC-V Systems
Confidential computing plays an important role in isolating sensitive applications from the vast amount of untrusted code commonly found in the modern cloud. We argue that it can also be leveraged to build safer and more secure mission-critical embedded systems. In this paper, we introduce the...
A Survey on Privacy Risks and Protection in Large Language Models
Although Large Language Models (LLMs) have become increasingly integral to diverse applications, their capabilities raise significant privacy concerns. This survey offers a comprehensive overview of privacy risks associated with LLMs and examines current solutions to mitigate these challenges. Firs...
Confidential Serverless Computing
Although serverless computing offers compelling cost and deployment simplicity advantages, a significant challenge remains in securely managing sensitive data as it flows through the network of ephemeral function executions in serverless computing environments within untrusted clouds. While...