TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads

Affected Products AMD EPYC™ Series Processors AMD EPYC™ 7003 Series Processors AMD EPYC™ 8004 Series Processors AMD EPYC™ 9004 Series Processors AMD EPYC™ 9005 Series Processors AMD EPYC™ Embedded Series Processors AMD EPYC™ Embedded 7003 AMD EPYC™ Embedded 8004 AMD EPYC™ Embedded 9004 AMD EPYC™...

AMD EPYC Processor 安全漏洞

The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor, which stems from improper use of the boot service. This vulnerability may lead to privilege escalation and arbitrary code...

AMD Processors 安全漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There is a security vulnerability in AMD Processors, which stems from improper operation limits within the memory buffer boundaries. This vulnerability may allow attackers with access to guest virtual...

Security Bulletin: IBM Security Guardium is affected by multiple OS level vulnerabilities

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple...

CVE-2024-36347

A flaw was found in AMD processors. This flaw allows an attacker with system administration privileges to exploit an issue in the signature verification in the AMD CPU ROM microcode patch loader, allowing the load of malicious microcode. This issue could impact the integrity of x86 instruction...

SPI Lock Bypass

Bulletin ID: AMD-SB-1041 Potential Impact: System Integrity Severity: High Summary Potential weaknesses in AMD’s SPI protection features may allow an attacker to bypass the native System Management Mode SMM ROM protections. CVE Details CVE-2022-23829 A potential weakness in AMD SPI protection...

SUSE CVE-2020-12966

AMD EPYCtm Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State SEV-ES and Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP. A local authenticated attacker could potentially exploit this vulnerability leading to...

PT-2024-12272 · Amd +8 · Amd Epyc Processors +10

Name of the Vulnerable Software and Affected Versions: AMD EPYC Processors affected versions not specified AMD Ryzen Processors affected versions not specified AMD Threadripper Processors affected versions not specified Description: The issue is related to improper validation in a model specific...

SEV-SNP Firmware Vulnerabilities

Bulletin ID: AMD-SB-3007 Potential Impact: Data leakage CVE-2023-31346 and loss of integrity CVE-2023-31347 Severity: Refer to the CVE Details section Summary This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below. CVE...

AMD EPYC Security Vulnerability

AMD EPYC is an x86 architecture server microprocessor product line from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC™ Processors that stems from insufficient data authenticity validation in AGESA, resulting in a...

AMD EPYC Security Vulnerability

AMD EPYC is a line of x86 architecture server microprocessors from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC Generation 3 and 4 that allows a privileged attacker to prevent the delivery of debugging exception...

Debug Exception Delivery in Secure Nested Paging

Bulletin ID: AMD-SB-3006 Potential Impact: Suppression of guest debug exceptions Severity: Low Summary A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: libssh...

AMD INVD Instruction Security Notice

Bulletin ID: AMD-SB-3005 Potential Impact: Memory integrity Severity: Medium Summary External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine VM memory integrity. CVE Details Refer to Glossary for...

AMD EPYC Security Vulnerability

AMD EPYC is an x86 architecture server microprocessor product line from AMD, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. A security vulnerability exists in AMD EPYC, which stems from a possible change in the SMM configuration when SNP is enabled, resulting in a loss of...

PT-2023-17472 · Amd · 3Rd Gen Amd Epyc™ Processors +99

Name of the Vulnerable Software and Affected Versions: Insufficient information is provided to determine the specific software and versions affected. Description: The issue involves improper initialization of variables in the DXE driver, potentially allowing a privileged user to leak sensitive...

AMD EPYC 安全漏洞

AMD EPYC is an x86 architecture server microprocessor product line from AMD Semiconductor, known in Chinese as Xiaolong, which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC, which originated in a specific microarchitecture environment, allowing an attacker to...

AMD processors 安全漏洞

AMD Processors is a processor from AMD Semiconductor AMD. A security vulnerability exists in AMD processors that stems from a power-side channel vulnerability that could allow an authenticated attacker to use the power reporting feature to monitor the execution of programs within an AMD SEV virtu...

PT-2023-12093 · Amd · 1St Gen Amd Epyc™ Processors +110

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace,...

SUSE CVE-2018-8933

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3...