Astra Linux - уязвимость в intel-microcode

Unauthorized error injection in IntelR SGX or IntelR TDX for some IntelR XeonR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011378)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011378 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and...

CVE-2022-50720

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor...

UBUNTU-CVE-2022-50720

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor...

CVE-2022-50720

The CVE-2022-50720 entry concerns the Linux kernel x86 APIC handling: BIOS can lock APIC into x2APIC mode, and if the kernel attempts to disable x2APIC or revert to legacy APIC while locked, a GP fault can occur. The vulnerability is tied to the new MSR IA32_XAPIC_DISABLE_STATUS and the LEGACY_XA...

Linux Distros Unpatched Vulnerability : CVE-2022-50720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with...

New Attacks Against Secure Enclaves

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I've written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an...

Security update for ucode-intel

This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250812 release bsc1248438 CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable...

SUSE CVE-2025-32086

Improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

UBUNTU-CVE-2025-32086

Improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2025-20053

CVE-2025-20053 involves improper buffer restrictions in Intel Xeon processor firmware with SGX enabled, enabling local privilege escalation for a privileged user. Affected component is Intel Xeon processor firmware (SGX-enabled) and related microcode/microcode_ctl updates are common mitigation pa...

x86/sgx: Prevent attempts to reclaim poisoned pages

...

On the Day They Experience: Awakening Self-Sovereign Experiential AI Agents

Drawing on Andrew Parker's "Light Switch" theory-which posits that the emergence of vision ignited a Cambrian explosion of life by driving the evolution of hard parts necessary for survival and fueling an evolutionary arms race between predators and prey-this essay speculates on an analogous...

DEBIAN-CVE-2024-36293

Improper access control in the EDECCSSA user leaf function for some IntelR Processors with IntelR SGX may allow an authenticated user to potentially enable denial of service via local access...

kernel: x86/apic: Don't disable x2APIC if locked

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and Extended APIC or x2APIC. X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor...

ALPINE-CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some IntelR XeonR D Processors with IntelR SGX may allow a privileged user to potentially enable information disclosure via local access...

Google Asylo 安全漏洞

Google Asylo is a framework for the development of trusted applications from Google USA. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in asylo that stems from the ability to modify...

hw: Intel SGX information leak

A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory...