118 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – Prevent crashes during suspension with iMX8QM/iMX8ULP Since the CAAM on these SoCs is managed by another ARM core, called the SECO Security Controller on iMX8QM and Secure Enclave on iMX8ULP. This core also reserve...
ios-imessage-zero-click-exploit
CVE-2025-31200/31201 - iOS Zero-Click iMessage Exploit Chai...
Astra Linux - уязвимость в mbedtls
A issue was discovered in Arm Mbed TLS prior to version 2.23.0. Due to a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolved the race condition between SECS reclaiming and page fault for EAUG. The SGX EPC reclaimer ksgxd may reclaim the SECS EPC page for an enclave and set secs.epcpage to NULL. The SECS page is used for EAUG and ELDU ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Add a overflow check in sgxvalidateoffsetlength The sgxvalidateoffsetlength function verifies the "offset" and "length" arguments provided by userspace. However, there was a lack of an overflow check when these arguments...
AppleSEPKeyStore Stress Tester / Fuzzer
This code is not a fully functional exploit, but rather a concurrency stress test and race-condition trigger targeting the Apple Secure Enclave key management driver AppleSEPKeyStore...
Exploit for Code Injection in Apple Securerom
🔐 iOS Security Research Deep-dive notes on iOS security inter...
MiracleLinux 7 : microcode_ctl-2.1-53.3.el7 (AXEA:2019-4383:06)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXEA:2019-4383:06 advisory. - Insufficient access control in protected memory subsystem for IntelR SGX for 6th, 7th, 8th, 9th Generation IntelR CoreTM Processor Families; Intel...
CVE-2021-28653
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware...
CVE-2022-50720
In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor...
JLSEC-2025-204 An issue was discovered in Arm Mbed TLS before 2.23.0
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed...
JLSEC-2025-201 An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinate of the result of scalar multiplication by exploiting side...
Astra Linux – Vulnerability in Intel Microcode
Improper buffer restrictions in the firmware of certain IntelR XeonR Processors with SGX enabled may allow a privileged user to potentially enable privilege escalation through local access...
AEX-NStep: Probabilistic Interrupt Counting Attacks on Intel SGX
To mitigate interrupt-based stepping attacks notably using SGX-Step, Intel introduced AEX-Notify, an ISA extension to Intel SGX that aims to prevent deterministic single-stepping. In this work, we introduce AEX-NStep, the first interrupt counting attack on AEX-Notify-enabled Enclaves. We show tha...
EUVD-2020-23949
Malware in sbrugna...
EUVD-2020-21811
Malware in sbrugna...
EUVD-2020-29771
Malware in sbrugna...
EUVD-2020-29775
Malware in sbrugna...
EUVD-2020-29774
Malware in sbrugna...
EUVD-2021-9691
Malicious code in bioql PyPI...