New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
Januscape: A 16-year-old Linux KVM flaw lets cloud VM tenants crash hosts and potentially escape guests. It affects Intel and AMD systems. Security researcher Hyunwoo Kim has published details of a use-after-free vulnerability in Linux’s KVM hypervisor that allows code running inside a guest virtual machine to corrupt host kernel memory. The bug, tracked as […]
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors
AMD Zen hardware and Intel Coffee Lake affected If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries.…
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks
The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations. [...]
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR)
SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android Patch Tuesday Microsoft fixed 73 security holes in this February's Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.…
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm
A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors
AMD Zen chips, meanwhile, are vulnerable to side-channel data scrying A group of computer scientists has identified an architectural error in certain recent Intel CPUs that can be abused to expose SGX enclave data like private encryption keys.…
With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopting mitigations released by AMD and Intel, posing a firmware supply chain threat
Security researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks
Speculative execution side-channels continue to haunt silicon world Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.…
A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack
Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.…
And Adobe, SAP, Intel, AMD, Cisco, Google join in Patch Tuesday Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. The IT giant is confident none of the bugs have been actively exploited. …
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [...]