Found 7 bookmarks
Newest
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
By Tyler Sorensen and Heidy Khlaaf We are disclosing LeftoverLocals: a vulnerability that allows recovery of data from GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs. LeftoverLocals impacts the security posture of GPU applications as a whole, with particular significance to LLMs and ML models run on impacted GPU…
#trailofbits#EN#2024#Apple#LeftoverLocals#AMD#GPU#Qualcomm#leak#memory
·blog.trailofbits.com·
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
An issue has been discovered in the Linux kernel that can be abused by unprivileged local users to escalate privileges. The issue is about Netfilter nf_tables accepting some invalid updates to its configuration.
#seclists.org#EN#2023#CVE-2023-32233#Linux#Kernel#Netfilter#nf_tables#arbitrary#memory#vulnerability
·seclists.org·
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
TCG TPM2.0 implementations vulnerable to memory corruption
TCG TPM2.0 implementations vulnerable to memory corruption
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities. This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys).
#cert.org#2023#EN#TPM#TPM2.0#TCG#memory#buffer#Buffer-Overflow
·kb.cert.org·
TCG TPM2.0 implementations vulnerable to memory corruption
TCG TPM2.0 implementations vulnerable to memory corruption
TCG TPM2.0 implementations vulnerable to memory corruption
Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and trigger these vulnerabilities. This allows either read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (e.g., cryptographic keys).
#cert.org#2023#EN#TPM#TPM2.0#TCG#memory#buffer#Buffer-Overflow
·kb.cert.org·
TCG TPM2.0 implementations vulnerable to memory corruption
Google Online Security Blog: Memory Safe Languages in Android 13
Google Online Security Blog: Memory Safe Languages in Android 13
As the amount of new memory-unsafe code entering Android has decreased, so too has the number of memory safety vulnerabilities. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.
#Google#EN#2022#memory-safe#Android#statistics#vulnerabilities#memory#safety
·security.googleblog.com·
Google Online Security Blog: Memory Safe Languages in Android 13
Google Online Security Blog: Memory Safe Languages in Android 13
Google Online Security Blog: Memory Safe Languages in Android 13
As the amount of new memory-unsafe code entering Android has decreased, so too has the number of memory safety vulnerabilities. From 2019 to 2022 it has dropped from 76% down to 35% of Android’s total vulnerabilities. 2022 is the first year where memory safety vulnerabilities do not represent a majority of Android’s vulnerabilities.
#Google#EN#2022#memory-safe#Android#statistics#vulnerabilities#memory#safety
·security.googleblog.com·
Google Online Security Blog: Memory Safe Languages in Android 13