33 matches found
Astra Linux - vulnerability in mbedtls
An issue was discovered in Arm Mbed TLS before version 2.23.0. A remote attacker can retrieve plaintext data because a certain countermeasure, known as “Lucky 13,” does not properly handle the case where a hardware accelerator is involved...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/ras: Fixed the device confusion in the CPER handler. Upon inspection, the cxl_cper_handle_prot_err function makes several fragile assumptions that can lead to crashes: 1. It assumes that the endpoints identified in the record...
Speed Kills: Exploring Confused Deputy Attacks through Edge AI Accelerators
AI Accelerators (AIAs) are specialized hardware, e.g., Tensor Processing Units (TPUs), that enable optimal and efficient execution of AI applications and on-device inference. The growing demand for AI applications has led to the widespread adoption of AIAs on Edge or embedded devices...
EUVD-2023-56113
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38488
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - smb: client: fix use-after-free in crypt_message when using async crypto. The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message, assuming...
HEIR: a Universal Compiler for Homomorphic Encryption
This work presents Homomorphic Encryption Intermediate Representation (HEIR), a unified approach to building homomorphic encryption (HE) compilers. HEIR aims to support all mainstream techniques in homomorphic encryption, integrate with all major software libraries and hardware accelerators, and...
AMD Graphics Vulnerabilities – August 2025
Summary: Audits performed on AMD graphics and datacenter accelerator products, as well as external reports received by AMD, uncovered potential vulnerabilities affecting AMD graphics, datacenter, and some client processors...
UBUNTU-CVE-2025-38488
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto. The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message, assuming all crypto operations are synchronous. However, when hardware crypto...
CVE-2025-38488 smb: client: fix use-after-free in crypt_message when using async crypto
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto. The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message, assuming all crypto operations are synchronous. However, when hardware crypto...
CVE-2025-38488 smb: client: fix use-after-free in crypt_message when using async crypto
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto. The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message, assuming all crypto operations are synchronous. However, when hardware crypto...
CVE-2025-38488
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto. The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message, assuming all crypto operations are synchronous. However, when hardware crypto...
Securing Transformer-Based AI Execution Via Unified TEEs and Crypto-Protected Accelerators
Recent advances in Transformer models, e.g., large language models (LLMs), have brought tremendous breakthroughs in various artificial intelligence (AI) tasks, leading to their wide applications in many security-critical domains. Due to their unprecedented scale and prohibitively high development cos...
CVE-2025-38252 cxl/ras: Fix CPER handler device confusion
In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion. By inspection, cxl_cper_handle_prot_err is making a series of fragile assumptions that can lead to crashes: 1/ It assumes that endpoints identified in the record are a CXL-type-3 device,...
PT-2025-31084
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free condition exists in the SMB client within the Linux kernel's crypt message function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 remove...
CRYPTONITE: Scalable Accelerator Design for Cryptographic Primitives and Algorithms
Cryptographic primitives, consisting of repetitive operations with different inputs, are typically implemented using straight-line C code due to traditional execution on CPUs. Computing these primitives is necessary for secure communication; thus, dedicated hardware accelerators are required in...
CVE-2023-51392
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks...
CVE-2023-51392 Silicon Labs EFR32xxx parts with classic key storage do not use hardware accelerated AES-CCM
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks...
CVE-2023-51392
Summary: CVE-2023-51392 affects Silicon Labs EmberZNet v7.2.0–v7.4.0 where software AES-CCM is used instead of hardware-accelerated cryptography, potentially enabling side-channel risks (electromagnetic and differential power analysis). The connected sources specify Ember ZNet and related advisor...
PT-2024-14105 · Ember · Ember Znet
Name of the Vulnerable Software and Affected Versions: Ember ZNet versions 7.2.0 through 7.4.0. Description: The issue is related to the use of software AES-CCM instead of integrated hardware cryptographic accelerators in Ember ZNet, potentially increasing the risk of electromagnetic and...
Fedora: Security Advisory (FEDORA-2023-ea65146fd4)
The remote host is missing an update for the...