Elena Reshetova
**Problem** If a CoCo guest is booted using drivers/firmware/efi/libstub, this code needs to be audited, fuzzed and hardened to withstand malicious inputs from host/VMM. In particular some components of efi...
**Problem** [Bounds Check Bypass](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/analyzing-bounds-check-bypass-vulnerabilities.html) is a class of transient execution attack (also known as Spectre V1), which typically requires an attacker who can control an offset used during a speculative...
**Problem** In the current upstream Linux ioremap implementation, one has to explicitly request ioremap area to remain in a private CoCo guest memory via an "encrypted" flag (making a default...
**Summary** If a CoCo guest enables memory swapping to a disk, and assuming the disk is under control of host/VMM, it is possible to perform rollback attacks on CoCo guest...
**Submission**: https://lore.kernel.org/all/[email protected]/ **Summary**: Kernel timekeeping calculates a clock value by keeping a base value and adding the number of nanoseconds since that time. Those nanoseconds are calculated from the clocksource...
Make sure https://intel.github.io/ccc-linux-guest-hardening-docs/tdx-guest-hardening.html doesn't have out-of-date instructions, steps, etc.
The default recommended setup for kafl tdx fuzzing is: config TDX_FUZZ_KAFL_USE_RECOMMENDED bool "Use recommended options" depends on TDX_FUZZ_KAFL && !JUMP_LABEL && !DYNAMIC_FTRACE && !KPROBES select UNWINDER_FRAME_POINTER select TDX_FUZZ_KAFL_DETERMINISTIC select TDX_FUZZ_KAFL_SKIP_PARAVIRT_REWRITE...
Found in 6.0-rc2 via BOOT_VIRTIO_BLK_PROBE harness. general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT DEBUG_PAGEALLOC KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 1 Comm: swapper...
Found on 6.0.0-rc2 via US_DHCP harness. [hcat] udhcpc: sending discover BUG: KASAN: slab-out-of-bounds in virtio_check_driver_offered_feature (drivers/virtio/virtio.c:112) Read of size 8 at addr ffff888007de0070 by task kworker/0:1/23 CPU: 0 PID: 23...
Found in 6.0-rc2 via BOOT_REST_INIT harness. PCI: Fatal: No config space access function found ACPI Error: No installed handler for fixed event - PM_Timer (0), disabling (20220331/evevent-255) ACPI Error: No...