35 matches found
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013705)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013705 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and...
EUVD-2019-8346
Malware in sbrugna...
SUSE CVE-2025-38334
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
AZL-72587 CVE-2025-38334 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents to secondary storage. SGX instructions do not gracefully handle machine checks. Despite this, the existing SGX code...
openSUSE: Security Advisory for ucode (SUSE-SU-2022:2960-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2023-52568
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer ksgxd may reclaim the SECS EPC page for an enclave and set secs.epcpage to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault...
Side Channel Attack
github.com/containerd/containerd is vulnerable to Side Channel Attack. The vulnerability is caused due to an unprivileged access to Intel's RAPL Running Average Power Limit readings which provides software insights into hardware energy consumption. This can be exploited to mount power-based...
SUSE-SU-2022:2960-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...
SUSE-SU-2022:2838-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...
SUSE: Security Advisory (SUSE-SU-2022:2832-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:2833-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...
SUSE-SU-2022:2832-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...
Synaptics Fingerprint Driver 缓冲区错误漏洞
Synaptics Fingerprint Driver is a regional touch and swipe fingerprint driver from Synaptics, Inc. The Synaptics Fingerprint Driver suffers from a buffer error vulnerability that originates from allowing a local attacker to send crafted commands to the driver's SGX Enclave to overwrite heap memor...
Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability CVE-2021-0186, CVSS score: 8.2 was discovered by a group of academics from...
Vulnerabilities in processors fixed
Researchers have found vulnerabilities in several processors. The vulnerabilities marked CVE-2020-8694 and CVE-2020-8695 have been named Platypus, an acronym for Power Leakage Attacks: Targeting Your Protected User Secrets. The vulnerabilities allow a local malicious person to obtain obtain...
CVE-2020-8695
A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem. Mitigation Until a firmwar...
Information Disclosure
Arm Mbed TLS is vulnerable to Information Disclosure. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to...
CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave all versions prior to 2019-11-15 allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...
Code injection
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave all versions prior to 2019-11-15 allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...
CVE-2019-18619
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave all versions prior to 2019-11-15 allows a local user to execute arbitrary code in the enclave that can compromise confidentiality of enclave data via APIs that accept invalid pointers...