TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition

In this paper, the researchers show that the security guarantees of modern TEE offerings by Intel and AMD can be broken cheaply and easily, by building a memory interposition device that allows attackers to physically inspect all memory traffic inside a DDR5 server...

Compromising Trusted Execution Environments through DDR5 Memory Bus Interposition

Summary Researchers successfully executed a physical bus interposition attack targeting server-grade DDR5 memory, compromising the confidentiality of encrypted data during runtime. AMD does not plan to provide mitigations since physical vector attacks are out of scope for AMD SEV-SNP. as detailed...

EUVD-2007-4286

Malware in sbrugna...

WireTap: Breaking Server SGX via DRAM Bus Interposition

Whitepaper that delves into Intel’s Software Guard eXtension SGX. A common misconception is that physical attacks on SGX require expensive laboratory equipment, thus putting them out of reach of hobbyist-level attackers. In this work, the authors challenge this belief, showing how simple memory b...

glibc security, bug fix, and enhancement update

2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...

Race condition

Multiple race conditions in the 1 Sudo monitor mode and 2 Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing...

Race condition

Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit GSWTK allow local users to defeat system call interposition and possibly gain privileges or bypass auditing...

Race condition

Multiple race conditions in 1 certain rules and 2 argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb...

CVE-2007-4303

Multiple race conditions in 1 certain rules and 2 argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb...

CVE-2007-4303

CVE-2007-4303 concerns multiple race conditions in CerbNG for FreeBSD 4.8, specifically in (1) certain rules and (2) argument copying during VM protection. The issue permits local users to defeat system call interposition and potentially gain privileges or bypass auditing, demonstrated by alterin...

CVE-2007-4302

Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit GSWTK allow local users to defeat system call interposition and possibly gain privileges or bypass auditing...