@dofh_ru · Post #3570 · 05.02.2025 г., 17:54
Here we go again! SEV-SNP is vulnerable, again. New AMD SEV-SNP vulnerability: https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w Exploit: https://github.com/google/security-research/tree/master/pocs/cpus/entrysign Reports about two recent vulnerabilities in SEV-SNP memory encryption and isolation mechanism, on CPU pipeline, cache and branch prediction level: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3010.html AMD reported that previous approaches to Spectre class attacks will work to fix new vulnerabilities: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/tuning-guides/software-techniques-for-managing-speculation.pdf #cVM #TEE #SEV #SNP #SEV_SNP #AMD