137 matches found
CVE-2024-57793 virt: tdx-guest: Just leak decrypted memory on unrecoverable errors
In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers...
CVE-2024-51997
Trustee (open-source) contains a vulnerability in the Attestation Results Token (ART) where the embedded jwk in the ART payload can be replaced by a MITM attacker, allowing the attacker to sign crafted tokens with their private key. The current code path (v0.8.0) does not detect such replacement,...
CVE-2024-51997 The Attestation Results Token can be arbitrarily modified without being detected in Trustee
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART Attestation Results Token token, generated by AS, could be manipulated by MITM attacker, but the verifier CoCo Verification Demander like KBS could still verify it successfully. In th...
CVE-2024-51997 The Attestation Results Token can be arbitrarily modified without being detected in Trustee
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART Attestation Results Token token, generated by AS, could be manipulated by MITM attacker, but the verifier CoCo Verification Demander like KBS could still verify it successfully. In th...
The vulnerability of the handle_mmio() function in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the handlemmio function in the arch/x86/coco/tdx/tdx.c module of the Linux operating system’s kernel is related to the lack of address validation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
CVE-2024-10141
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141 jsbroks COCO Annotator Session predictable state
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
CVE-2024-10141
The CVE-2024-10141 issue affects jsbroks COCO Annotator 0.11.1, specifically the Session Handler component where manipulating the SECRET_KEY causes a predictable state from observable state. It can be initiated remotely, with attack complexity described as high and exploitability as difficult. Mu...
CVE-2024-10141 jsbroks COCO Annotator Session predictable state
A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...
COCO Annotator 安全漏洞
COCO Annotator is a web-based image annotation tool from the individual developer Justin Brooks. Designed for versatility and efficiency in labeling images. A security vulnerability exists in COCO Annotator version 0.11.1, which stems from the parameter SECRETKEY of the component Session Handler...
PT-2024-16060 · Unknown · Jsbroks Coco Annotator
Name of the Vulnerable Software and Affected Versions: jsbroks COCO Annotator version 0.11.1 Description: A problematic vulnerability was found in the Session Handler component of jsbroks COCO Annotator. The manipulation of the SECRET KEY argument leads to a predictable state from an observable...
SUSE SLES15: kernel-coco / kernel-coco-devel / kernel-coco_debug / etc (SUSE-SU-2024:3553-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3553-1 advisory. The SUSE Linux Enterprise 15 SP6 CoCo kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...
Oracle Linux 9 : kernel (ELSA-2024-6567)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6567 advisory. - usb-storage: alauda: Check whether the media is initialized CKI Backport Bot RHEL-43716 CVE-2024-38619 - mm: avoid overflows in dirty throttling logi...
kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems
CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing CoCo environments. In these setups, the virtual machine VM host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliab...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
CVE-2024-36909
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resultin...
CVE-2024-36912
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbusgpadl In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is share...
CVE-2024-36911
In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need to...
CVE-2024-36910
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need...