PT-2023-1409 · Amd · Amd Processor Security
Name of the Vulnerable Software and Affected Versions: AMD processor security software, affected versions not specified. Description: The issue is related to insufficient input validation during the parsing of the System Management Mode (SMM) binary, which may allow a maliciously crafted SMM executab...
PT-2023-1407 · Amd · Amd Bios
Name of the Vulnerable Software and Affected Versions: AMD BIOS software, affected versions not specified. Description: The issue is related to a buffer overflow in the memory of AMD processor security microcode, potentially allowing a remote attacker to disclose protected information. It involves...
hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the KVM SEV API, which allows a non-root host user-level application to crash the host kernel by creating an...
DEBIAN-CVE-2021-26401
LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs...
AMD and Intel Processor Advisory - Lenovo Support US
No description provided...
AMD Processors information disclosure vulnerability
AMD Processors are processors from the American company AMD. AMD Processors suffer from an information disclosure vulnerability that stems from deficiencies in the hardware mitigations that AMD has added to their products. An attacker could exploit this vulnerability to obtain sensitive...
AMD CPUs security vulnerability
AMD CPUs are a GPU component from AMD Corporation. A security vulnerability exists in AMD CPUs that stems from an attacker being able to bypass access restrictions to AMD processor data via the branch predictor selector lfence/jmp to read sensitive information...
hw: improper isolation of shared resources in some Intel Processors
Microcode misconfiguration in some Intel processors may cause the EIBRS mitigation (CVE-2017-5715) to be incomplete. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access...
Intel® Graphics Drivers Multi-Generation Processor Privilege Escalation Vulnerability (CNVD-2021-10798)
Intel is an American company that develops CPUs and is the world's largest manufacturer of personal computer parts and CPUs. The Intel® Graphics Drivers Multi-Generation Processor Privilege Escalation vulnerability can be exploited by an attacker to potentially enable privilege escalation...
hw: Information disclosure issue in Intel SGX via RAPL interface
A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
Intel Adds Anti-Malware Protection in Tiger Lake CPUs
Intel’s upcoming class of mobile CPUs, code named “Tiger Lake,” will feature a long anticipated security layer, called Control-flow Enforcement Technology (CET), which aims to protect against common malware attacks. CET protects against attacks on processors’ control flow, which refers to the order...
Hackers Can Mess With Voltages to Steal Intel Chips' Secrets
A new attack called Plundervolt gives attackers access to the sensitive data stored in a processor's secure enclave...
CVE-2019-11139
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access...
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices
A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs. Trusted Platform Module (TPM) is a...
hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...
hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...
USN-3540-1 linux, linux-aws, linux-euclid vulnerabilities
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provide...
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
A hacker Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The hacker, identified only as xerub, told Threatpost that the key unlocks only the SEP firmware, and that this would not impact user data. “Everybody can look and poke a...