New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
Januscape: A 16-year-old Linux KVM flaw lets cloud VM tenants crash hosts and potentially escape guests. It affects Intel and AMD systems. Security researcher Hyunwoo Kim has published details of a use-after-free vulnerability in Linux’s KVM hypervisor that allows code running inside a guest virtual machine to corrupt host kernel memory. The bug, tracked as […]
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors
Local privileges required to exploit flaw in Ryzen and Epyc CPUs. Some patches available, more on the way AMD will issue a microcode patch for a high-severity vulnerability that could weaken cryptographic keys across Epyc and Ryzen CPUs.…
Chipmaker Confirms Vulnerability, Which Poses Risk to Confidential Cloud ComputingChipmaker Advanced Micro Devices is issuing fixes for a vulnerability in multiple types of processors, dubbed "RMPocalypse," that attackers could exploit to access data being transmitted to, processed or stored in confidential virtual machines provided by cloud service providers.
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)
For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions
Answers on a postcard to what 'Microcode Signature Verification Vulnerability' might mean AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this month after a fix for the flaw appeared in a beta BIOS update from PC maker Asus.…
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks
The vulnerability has been around for nearly 20 years and gives sophisticated attackers a way to bury virtually undetectable bootkits on devices with EPYC and Ryzen microprocessors.
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. [...]
Also: Chinese Cyberespionage, Defiant Cleveland, and a Spanish Ransomware AttackThis week, ONNX targeted Microsoft 365, Symantec spotted Chinese espionage, AMD may have been breached, Cleveland vowed to defy hackers, Black Basta hit a Spanish firm, Pakistani hackers targeted India, Microsoft said it fixed flaws in Azure, and the U.S. and Indonesia held a cybersecurity exercise.
LeftoverLocals Affects Apple, AMD and Qualcomm DevicesResearchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.
LeftoverLocals Affects Apple, AMD and Qualcomm DevicesResearchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.
So much for isolation A design flaw in GPU drivers made by Apple, Qualcomm, AMD, and likely Imagination can be exploited by miscreants on a shared system to snoop on fellow users.…
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. [...]
Let's do the CacheWarp again Boffins based in Germany and Austria have found a flaw in AMD's SEV trusted execution environment that makes it less than trustworthy.…