Lucene search
K

130 matches found

CNVD
CNVD
added 2020/11/24 12:0 a.m.1 views

IBM Power processor information disclosure vulnerability

The IBM Power System is a Power processor-based server computer from IBM in the United States. A security vulnerability exists in IBM Power9 processor, which can be exploited by an attacker to obtain sensitive information from data in the L1 cache under the right circumstances...

5.1CVSS6.2AI score0.00387EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/19 12:0 a.m.8 views

IBM i 安全漏洞

The IBM Power System is a Power processor-based server computer from IBM in the United States. A security vulnerability exists in IBM Power9 processor, which can be exploited by an attacker to obtain sensitive information from data in the L1 cache under the right circumstances...

5.1CVSS6.4AI score0.00387EPSS
Exploits0References37
RedHat Linux
RedHat Linux
added 2020/09/29 10:31 p.m.8 views

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

6.8CVSS7.1AI score0.00927EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2020/09/25 7:0 a.m.4 views

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

...

6.7CVSS7AI score0.00358EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/06/23 1:8 p.m.2 views

hw: L1D Cache Eviction Sampling

A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...

5.5CVSS6.5AI score0.00587EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/06/09 6:15 p.m.4 views

hw: L1D Cache Eviction Sampling

A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...

5.5CVSS6.5AI score0.00587EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/05/14 7:8 p.m.8 views

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

6.8CVSS6.8AI score0.00927EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/05/12 3:31 p.m.3 views

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

6.8CVSS6.8AI score0.00927EPSS
Exploits1References4
OSV
OSV
added 2020/03/17 1:48 a.m.9 views

USN-4303-1 linux, linux-aws, linux-kvm vulnerability

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information...

6.8CVSS6.7AI score0.00927EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/03/10 12:0 a.m.5 views

The vulnerability of the way predictor implementation in AMD processor CPUs’ L1D data cache allows attackers to restore the encryption key in vulnerable AES implementations, reduce the effectiveness of ASLR protection, or extract data from the processor’s core.

The vulnerability of the way predictor implementation in AMD processors’ L1D cache involves collisions with the hash function used to calculate tags, which are used to locate a channel in the L1D cache. Exploiting this vulnerability can allow an attacker to recover encryption keys in vulnerable A...

8.1CVSS5.5AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/03/10 12:0 a.m.55 views

The vulnerability of the way predictor implementation in AMD CPUs’ L1D cache architecture allows a hacker to gain access to memory on the same CPU’s physical core.

The vulnerability of the way predictor’s implementation for first-level cache data on AMD CPUs’ L1D cache relates to the fact that accessing the same memory cell from a different virtual address may cause that cell to be evicted from the L1D cache. Exploiting this vulnerability could allow a remo...

8.1CVSS5.5AI score
Exploits0References3
The Hacker News
The Hacker News
added 2020/03/09 2:20 p.m.4 views

9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as "Take A Way," the new potential attack vectors leverage the L1 data L1D cache way predictor in...

5.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/01/29 12:0 a.m.3 views

The vulnerability of Intel processors, caused by data leakage from the L1D cache, allows attackers to disclose protected information.

The vulnerability of Intel processors stems from a data leak from the L1D cache. Exploiting this vulnerability can allow an attacker to disclose protected information...

2.1CVSS6.8AI score0.00587EPSS
Exploits0References10Affected Software2
RedHat Linux
RedHat Linux
added 2019/05/14 9:10 p.m.3 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 9:10 p.m.5 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 9:10 p.m.2 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 8:48 p.m.3 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 8:44 p.m.3 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 7:53 p.m.6 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/05/14 7:28 p.m.4 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
Rows per page
Query Builder