8 matches found
Dstack-Capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes
The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers CoCo, enforce a strict "one Pod per VM" model that attests only the Guest OS stack,...
Contrast BadAML injection allows arbitrary code execution
BadAML BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024: - - Impact An attacker with control over the host which is assumed in the attacker model of Contrast can execute malicious AM...
NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA
Arm Confidential Computing Architecture CCA currently isolates at the granularity of an entire Confidential Virtual Machine CVM, leaving intra-VM bugs such as Heartbleed unmitigated. The state-of-the-art narrows this to the process level, yet still cannot stop attacks that pivot within the same...
WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy
Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence AI capabilities in a privacy-preserving manner. "Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or...
Linux Distros Unpatched Vulnerability : CVE-2022-48890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvscqueuecommand maps th...
SUSE CVE-2022-48890
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvscqueuecommand maps the scatter/gather list using scsidmamap, which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in...
UBUNTU-CVE-2022-48890
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvscqueuecommand maps the scatter/gather list using scsidmamap, which in a confidential VM allocates swiotlb bounce buffers. If the I/O submission fails in...
PT-2022-7634 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a swiotlb bounce buffer leak in confidential VMs. The storvsc queuecommand function maps the scatter/gather list using scsi dma map, which allocates swiotlb...