Elena Reshetova
Elena Reshetova
I guess everyone is aware that the current AES implementation is not resistant to traditional non-speculative side channels due to the direct usage of T-tables, which can reveal the information...
We all know how important are kernel CVEs and how many of them usually produced every year. This was post showing just 2015 kernel CVEs: http://www.openwall.com/lists/kernel-hardening/2016/01/19/1 However, currently cve-check-tool isn't...
After upgrading to version 5.6.4 from the previous one, when a tool tries to update the database, this happens: process_node(): attempt to write to a readonly database process_node(): attempt to...
The following hardening fixes around MSIX table size/offset handling, aiming to prevent a malicious device or VMM from triggering bugs by supplying bogus values were discovered by a fuzzer and...
The CoCo guest kernel can be attacked by the host/VMM through CoCo-specific hypercalls (to get values of PIO, MMIO, PCI config space, etc.) or shared memory communication interfaces. The static...
**Problem** **The below is TDX specific**: Untrusted VMM can inject both non-NMI interrupts (via posted-interrupt mechanism) or NMI interrupts. However, TDX module does not allow VMM injecting interrupt vectors in...
**Problem** For a CoCo guest a malicious host/VMM can prevent IPIs to be delivered across vCPUs. We need to ensure that all missing IPIs can be detected or force waiting...
**Problem** ACPI tables are (mostly) controlled by the host and only passed through the TDVF (see TDX guest virtual firmware for more information). They are measured into TDX attestation registers,...
**Problem** A read from a PIO inside a CoCo guest can result in consumption of malicious data from host/VMM and if the code is not ready to handle such input,...
**Problem** The core PCI subsystem in a CoCo guest performs a lot of activity (mainly consuming data from host-controlled pci config space) where it can receive malicious input from untrusted...