Stefanhttps://www.zdf.de/nachrichten/heute-19-uhr/videos/meinungsfreiheit-europa-usa-ap-trump-video-100.html #So #Meinungsfteoheit?USA! #EU #Kritik wegen #Rechzspopulisten #pocht auf #Freespeech #USA #Pressefreiheit #beschnitten, #Meiningsfreiheit?! #True #Trumpmeaningallowed #other #forbidden! #Thx #Vance #for #hotair & #noPartnership , #Enemy are #Demokratie #Autogratien #likrs #Trump #thazs #sad #USA #Wesee #Worldpower #goesunder!
Shweta ShindeCan a malicious cloud provider send bad notifications to break confidential VMs?
Disclosing #AhoiAttacks that break confidential computing offered by AMD SEV-SNP and Intel TDX by abusing interrupt delivery.
https://ahoi-attacks.github.io/
Our first attack #Heckler to appear Usenix Security 2024 breaks Intel TDX and AMD SEV-SNP by sending interrupts that trigger existing handlers to change the register state and variables in userspace. We break sshd, sudo, and other apps.
Our second attack #WeSee to appear IEEE Security & Privacy 2024 breaks AMD SEV-SNP by sending an interrupt specially introduced for SEV. Starting from a kernel read to arbitrary code injection, we gain a root shell.
Track CVE-2024-25742, CVE-2024-25743, CVE-2024-25744 for updates on fixes and patches.
A fantastic team effort by Benedict M. Schlüter, Supraja Sridhara, Andrin Bertschi, and Mark Kuhne!
Lilith Gnosis
The Bee Guy