167 matches found
Information disclosure
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...
UBUNTU-CVE-2023-31346
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...
CVE-2023-31346
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...
CVE-2023-31346
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...
PT-2024-12275
Name of the Vulnerable Software and Affected Versions SEV Firmware affected versions not specified Description The issue is related to the failure to initialize memory in SEV Firmware, which may allow a privileged attacker to access stale data from other guests. Recommendations At the moment, the...
hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...
hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...
Information Disclosure
IntelR Processors are vulnerable to Information Disclosure. This vulnerability occurs when an attacker uses a specially crafted instruction to access stale data from previously used vector registers on the same physical core. This could allow the attacker to infer sensitive information, such as...
Medium: microcode_ctl
Issue Overview: A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical...
CVE-2022-40982
A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core. Mitigation T...
Potential Stale Data Due to Inadequate Round Validation
Lines of code Vulnerability details Impact Even tough the dev is checking if the data is stale or not some valid prices could still be considered as invalid because of this line: answeredInRound == roundId, sometimes the answeredInRound might be greater than roundId and would still be valid but i...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact Chainlink's latestRoundData is used but there is no check if the return value indicates stale data. This could return stale price data for the underlying asset. Proof of Concept getChainlinkPrice function uses Chainlink's latestRoundData to get the lates...
updatedAt TIMESTAMP IS NOT USED TO DETECT STALE ORACLE PRICES
Lines of code Vulnerability details Impact The external Chainlink oracle, which provides index price information to the system, introduces risk inherent to any dependency on third-party data sources. For example, the oracle could fall behind or otherwise fail to be maintained, resulting in outdat...
No stale data check on data being read from POR feed
Lines of code Vulnerability details Impact Stale data of exchange rate data being used protocol, resulting in loss in terms of ETHX being minted at stale exchange rate which won't have accounted for new reward Recommended Mitigation Steps Check lastUpdatedAt timestamp and that it is within...
K04808933: Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127
Security Advisory Description CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel...
Price feed in MCAGRateFeed#getRate is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact MCAGRateFeedgetRate may return stale data Proof of Concept , int256 answer,,, = oracle.latestRoundData; Classic C4 issue. getRate only uses answer but never checks the freshness of the data, which can lead to stale bond pricing data. Stale pricing data c...
StabilizerNode.stabilize uses stale GlobalImpliedCollateralService data, which will make stabilize incorrect
Lines of code Vulnerability details Impact In StabilizerNode.stabilize, impliedCollateralService.syncGlobalCollateral is called only at the end of the function to synchronize the GlobalImpliedCollateralService data. if !shouldAdjustSupplyexchangeRate, stabilizeToPeg lastStabilize = block.timestam...
_distributeProfit will use the stale globalIC.swingTraderCollateralDeficit()/swingTraderCollateralRatio(), which will result in incorrect profit distribution
Lines of code Vulnerability details Impact The distributeProfit called by handleProfit will use globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio when distributing profits, and the latest globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio needs to be used to ensure th...
Intel® Processors MMIO Stale Data Advisory
Summary: Potential security vulnerabilities in Memory Mapped I/O MMIO for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-21123 Description: Incomplete cleanup of...
[NAZ-M1] Chainlink's latestRoundData Might Return Stale Results
Lines of code Vulnerability details Impact Across these contracts, you are using Chainlink's latestRoundData API, but there is only a check on updatedAt. This could lead to stale prices according to the Chainlink documentation: Historical Price data Checking Your returned answers The result of...