SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
The newly discovered Zenbleed vulnerability (CVE-2023-20593) affects all Zen2 processors from AMD. Unfortunately, AMD will not provide microcode updates for many of its processors until November or December 2023. How to stay safe in the meantime? Luckily, there is a software workaround. While applying the software workaround is a one-liner… Read More
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. ∞
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. ∞