Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability CVE-2021-0186, CVSS score: 8.2 was discovered by a group of academics from...

openSUSE 15 Security Update : xen (openSUSE-SU-2021:2923-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2923-1 advisory. - Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via...

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

CVE-2021-0114

Unchecked return value in the firmware for some IntelR Processors may allow a privileged user to potentially enable an escalation of privilege via local access...

USN-4985-1: Intel Microcode vulnerabilities | Cloud Foundry

Severity High Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O VT-d. This may...

CVE-2021-0089

Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

CVE-2020-8702

Uncontrolled search path element in the IntelR Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-8670

Race condition in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2020-8700

Improper input validation in the firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2020-24512

Observable timing discrepancy in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Privilege escalation

Uncontrolled search path element in the IntelR Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2021-0089

CVE-2021-0089 concerns an observable response discrepancy in some Intel processors that could let an authorized local user potentially disclose information. The connected sources corroborate that this is a processor/CPU issue affecting Intel CPUs and related Xen/Citrix contexts, with the primary ...

CVE-2020-24486

Improper input validation in the firmware for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...

CVE-2020-24486

CVE-2020-24486 is an Intel firmware vulnerability caused by improper input validation in the firmware of some Intel processors. An authenticated local attacker could potentially cause a denial of service. The issue is described in Intel’s advisory as part of a family of firmware vulnerabilities; ...

CVE-2020-12358

Out of bounds write in the firmware for some IntelR Processors may allow a privileged user to potentially enable denial of service via local access...

CVE-2020-8700

Affected software/hardware: Intel processors firmware. Root cause: Improper input validation in the firmware. Impact: Privilege escalation via local access by a privileged user; confidentiality, integrity, and availability may be affected (CVSS v3.1 base 6.7). Exploitation info: Not detailed in t...

CVE-2020-12357

CVE-2020-12357 describes an improper initialization in the firmware for some Intel processors that could allow a privileged user to escalate privileges via local access. The vulnerability is documented in Intel’s IPU BIOS advisory (INTEL-SA-00463) and is linked to the same family of processor fir...

CVE-2020-8702

Uncontrolled search path element in the IntelR Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-8702

CVE-2020-8702 affects the Intel Processor Diagnostic Tool prior to version 4.1.5.37. The issue is an uncontrolled search path element that could allow an authenticated local user to escalate privileges. The CVSS v3.1 base score is 7.3 (HIGH) with LOCAL attack vector, privileges required: LOW, use...

Intel INTEL-SA-00463 缓冲区错误漏洞

Intel INTEL-SA-00463 is the BIOS firmware for Intel® processors from Intel Corporation USA. INTEL-SA-00463 suffers from a buffer error vulnerability that stems from a processor firmware out-of-bounds write that could allow a privileged user to enable denial of service via local access...