Home
last modified time | relevance | path

Searched refs:attack (Results 1 – 25 of 55) sorted by relevance

123

/linux/Documentation/admin-guide/hw-vuln/
H A Dattack_vector_controls.rst8 Administrators are encouraged to consider which attack vectors are relevant and
12 attack vector controls so administrators will likely not need to reconfigure
14 applied based on the chosen attack vector controls.
19 There are 5 sets of attack-vector mitigations currently supported by the kernel:
27 To control the enabled attack vectors, see :ref:`cmdline`.
34 The user-to-kernel attack vector involves a malicious userspace program
54 The user-to-user attack vector involves a malicious userspace program attempting
74 The guest-to-host attack vector involves a malicious VM attempting to leak
88 The guest-to-guest attack vector involves a malicious VM attempting to influence
96 Similar to the user-to-user attack vector, preventing a malicious VM from
[all …]
H A Dspectre.rst69 The bounds check bypass attack :ref:`[2] <spec_ref2>` takes advantage
92 The branch target injection attack takes advantage of speculative
116 the attack revealing useful data.
118 One other variant 2 attack vector is for the attacker to poison the
123 return instructions. This attack can be mitigated by flushing the return
134 Yet another variant 2 attack vector is for the attacker to poison the
141 Previously the only known real-world BHB attack vector was via unprivileged
149 The following list of attack scenarios have been anticipated, but may
150 not cover all possible attack vectors.
161 a pointer for a Spectre variant 1 attack. The index or pointer
[all …]
H A Dl1tf.rst56 similar to the Meltdown attack.
59 allows to attack any physical memory address in the system and the attack
60 works across all protection domains. It allows an attack of SGX and also
73 application to attack the physical memory to which these PTEs resolve.
78 The Linux kernel contains a mitigation for this attack vector, PTE
92 PTE inversion mitigation for L1TF, to attack physical host memory.
98 only to attack data which is present in L1D, a malicious guest running
99 on one Hyperthread can attack the data which is brought into the L1D by
103 If the processor does not support Extended Page Tables, the attack is
107 While solutions exist to mitigate these attack vectors fully, these
[all …]
H A Dgather_data_sampling.rst17 attacks. GDS is a purely sampling-based attack.
44 attack, and re-enable it.
H A Drsb.rst22 the current kernel mitigations: what are the RSB-related attack vectors
36 considered individually for each attack vector (and microarchitecture
52 * All attack vectors can potentially be mitigated by flushing out any
178 attack demonstrated by the researchers. As previously documented,
208 intra-mode BTI attack. This is mitigated by clearing the BHB on
H A Dvmscape.rst10 guest-userspace may be able to attack the guest-kernel using the hypervisor as
/linux/Documentation/security/
H A Dsnp-tdx-threat-model.rst19 additional attack vectors that arise in the confidential computing space
91 | External attack | | Interfaces |
118 Regarding external attack vectors, it is interesting to note that in most
131 CoCo VM TCB due to its large SW attack surface. It is important to note
144 | External attack | | | Interfaces | |
161 leverage this access to attack the guest, the CoCo systems mitigate such
189 The **Linux CoCo VM attack surface** is any interface exposed from a CoCo
232 virtual devices. This allows any attack against confidentiality,
240 side-channel and/or transient execution attack vectors.
245 difference with the previous attack vector (malformed runtime input)
[all …]
H A Dself-protection.rst9 and actively detecting attack attempts. Not all topics are explored in
20 attack surface. (Especially when they have the ability to load arbitrary
114 bug to an attack.
127 unexpectedly extend the available attack surface. (The on-demand loading
146 to gain execution control during an attack, By far the most commonly
149 kind of attack exist, and protections exist to defend against them.
164 A less well understood attack is using a bug that triggers the
166 allocations. With this attack it is possible to write beyond the end of
200 defense, in that an attack must gather enough information about a
224 mounting a successful attack, making the location non-deterministic
H A Dipe.rst33 1. Protection of additional attack vectors:
36 to offline attack against the aforementioned specific data files.
55 additional protection against a hostile block device. In such an attack,
60 access), this attack is mitigated.
79 attack against it).
182 high security bar, as anything signed can be used to attack integrity
H A Dlandlock.rst17 expose a minimal attack surface.
90 deputy attack).
/linux/kernel/configs/
H A Dhardening.config4 # attack surface reduction options. They are expected to have low (or
73 # https://trustedcomputinggroup.org/resource/pc-client-work-group-platform-reset-attack-mitigation-…
89 # Provide userspace with seccomp BPF API for syscall attack surface reduction.
/linux/arch/arm/configs/
H A Dhardening.config6 # Dangerous; old interfaces and needless additional attack surface.
/linux/Documentation/input/devices/
H A Diforce-protocol.rst126 0a-0b Address of attack and fade parameters, or ffff if none.
147 02-03 Duration of attack (little endian encoding, in ms)
148 04 Level at end of attack. Signed byte.
356 - attack and fade : 0e
/linux/include/uapi/sound/
H A Dasound_fm.h39 unsigned char attack; /* 4 bits: attack rate */ member
/linux/sound/pci/asihpi/
H A Dhpi.h1382 u16 hpi_meter_set_peak_ballistics(u32 h_control, u16 attack, u16 decay);
1384 u16 hpi_meter_set_rms_ballistics(u32 h_control, u16 attack, u16 decay);
1386 u16 hpi_meter_get_peak_ballistics(u32 h_control, u16 *attack, u16 *decay);
1388 u16 hpi_meter_get_rms_ballistics(u32 h_control, u16 *attack, u16 *decay);
1618 u32 attack);
H A Dhpifunc.c1886 u32 attack) in hpi_compander_set_attack_time_constant() argument
1888 return hpi_control_param_set(h_control, HPI_COMPANDER_ATTACK, attack, in hpi_compander_set_attack_time_constant()
1893 u32 *attack) in hpi_compander_get_attack_time_constant() argument
1896 index, attack, NULL); in hpi_compander_get_attack_time_constant()
2062 u16 hpi_meter_set_rms_ballistics(u32 h_control, u16 attack, u16 decay) in hpi_meter_set_rms_ballistics() argument
2065 attack, decay); in hpi_meter_set_rms_ballistics()
2070 u32 attack; in hpi_meter_get_rms_ballistics() local
2075 &attack, &decay); in hpi_meter_get_rms_ballistics()
2078 *pn_attack = (unsigned short)attack; in hpi_meter_get_rms_ballistics()
2085 u16 hpi_meter_set_peak_ballistics(u32 h_control, u16 attack, u16 decay) in hpi_meter_set_peak_ballistics() argument
[all …]
/linux/Documentation/security/tpm/
H A Dtpm-security.rst8 packet alteration attacks (called passive and active interposer attack
28 Most recently the same `attack against TPM based Linux disk
34 try to insure that if we can't prevent the attack then at least we can
46 which would be an annoying denial of service attack. However, there
47 are two, more serious, classes of attack aimed at entities sealed to
/linux/Documentation/devicetree/bindings/sound/
H A Dcs35l36.txt113 - cirrus,cirrus,vpbr-atk-rate : Attenuation attack step rate. Configures the
132 - cirrus,vpbr-mute-en : During the attack state, if the vpbr-max-attn value
/linux/Documentation/tee/
H A Dop-tee.rst111 There are additional attack vectors/mitigations for the kernel that should be
137 * Mitigation: The OP-TEE driver must be loaded before any potential attack
/linux/Documentation/translations/zh_CN/filesystems/
H A Dubifs-authentication.rst345 [DMC-CBC-ATTACK] https://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-agains…
/linux/Documentation/userspace-api/
H A Dno_new_privs.rst52 - By itself, ``no_new_privs`` can be used to reduce the attack surface
/linux/net/ipv4/
H A DKconfig99 attack or a misconfigured system somewhere. The information is
271 Normal TCP/IP networking is open to an attack known as "SYN
272 flooding". This denial-of-service attack prevents legitimate remote
274 attack and requires very little work from the attacker, who can
277 SYN cookies provide protection against this type of attack. If you
280 continue to connect, even when your machine is under attack. There
/linux/Documentation/gpu/
H A Ddrm-compute.rst28 denial of service attack by pinning as much memory as possible, hogging the
/linux/fs/xfs/
H A DKconfig48 To close off an attack surface, say N.
75 To close off an attack surface, say N.
/linux/Documentation/admin-guide/LSM/
H A DYama.rst20 of their attack without resorting to user-assisted phishing.

123