New Januscape Linux flaw allows VM escape on Intel, AMD devices
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
AMD designs processors and graphics hardware; flaws in their firmware, drivers, or platform security can expose systems to compromise.
Search across headline titles and summaries.
Background for this topic.
AMD is a semiconductor designer whose x86 CPUs, GPUs, accelerators, and embedded processors run PCs, servers, cloud hosts, and specialized systems. Their security depends on more than the silicon: CPU microcode, UEFI/BIOS firmware, device firmware, and platform components such as the AMD Secure Processor and virtualization extensions are also part of the attack surface.
AMD security advisories can cover speculative-execution flaws, firmware vulnerabilities, or weaknesses affecting virtualization and memory isolation. Exploitation may require local access or specific configurations, so impact depends on the processor, firmware, operating system, and workload. Defenders should track AMD and system-vendor advisories, identify affected CPU models, and deploy validated BIOS/UEFI, microcode, driver, and hypervisor updates. AMD Secure Encrypted Virtualization can reduce some risks from unauthorized host access to virtual-machine memory, but it does not replace guest hardening or protect every firmware and device path. Asset inventories and incident investigations should record processor and firmware versions when hardware-level issues are relevant.
Weekly headline count for the current query.
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. [...]
Academic researchers developed a side-channel attack called TEE.Fail, which allows extracting secrets from the trusted execution environment in the CPU, the highly secure area of a system, such as Intel's SGX and TDX, and AMD's SEV-SNP. [...]
A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. [...]
Microsoft has announced that hotpatch updates are now available for business customers using Windows 11 Enterprise 24H2 on x64 (AMD/Intel) systems, starting today. [...]
Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen issues. [...]
AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices. [...]
Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. [...]
The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations. [...]
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. [...]
AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. [...]
Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. [...]
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...]
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. [...]
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. [...]
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution. [...]
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models. [...]
Researchers from the Technical University of Berlin have developed a method to hack the AMD-based infotainment systems used in all recent Tesla car models and make it run any software they choose, aka achieve 'jailbreak.' [...]
Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. [...]
After a long break, AMD has launched a new graphics driver, Adrenalin 23.7.1 WHQL (driver version 23.10.01.45). [...]
Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller (BMC) software impact server equipment used in many cloud service and data center providers. [...]