what you don't know can hurt you
Showing 1 - 3 of 3 RSS Feed

Files from Cfir Cohen

Email addresscfir at google.com
First Active2018-01-06
Last Active2020-07-17
VMware ESXi Use-After-Free / Out-Of-Bounds Access
Posted Jul 17, 2020
Authored by Google Security Research, Cfir Cohen

Several security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.

tags | advisory, info disclosure
advisories | CVE-2020-3960, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965
MD5 | d2417f8af8ebed99ebd6fdfff7a2c153
AMD Secure Encrypted Virtualization (SEV) Key Recovery
Posted Jun 26, 2019
Authored by Google Security Research, Cfir Cohen

AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.

tags | advisory, remote
advisories | CVE-2019-9836
MD5 | 559575654f299416a1c983c68aaf13ba
AMD PSP fTPM Remote Code Execution
Posted Jan 6, 2018
Authored by Google Security Research, Cfir Cohen

AMD PSP suffers from an fTPM remote code execution vulnerability that can be performed through a crafted EK certificate.

tags | advisory, remote, overflow, code execution
MD5 | 49627edce894ee302ff8f2fcf54e0f53
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close