"Intel has partnered with Google to conduct a security review of its Trust Domain Extensions (TDX) technology, which led to the discovery of dozens of vulnerabilities, bugs, and improvement suggestions. TDX is a hardware-based confidential computing technology designed to safeguard sensitive workloads and data in cloud and multi-tenant environments, even against a compromised hypervisor and insiders. Intel TDX creates Confidential Virtual Machines (also called Trust Domains or TDs), which are hardware-isolated virtual machines that deliver strong, enforced protections for both confidentiality and integrity."
"Specifically, CVE-2025-30513 is capable of converting a migratable TD to a debuggable TD during the migration process. A host can exploit a Time-of-Check to Time-of-Use vulnerability to change the TD's attributes from migratable to debug as its immutable state is being imported. Once triggered the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities."
Intel partnered with Google to examine Trust Domain Extensions (TDX), a hardware confidential computing technology that protects sensitive workloads and data in cloud and multi-tenant environments. The Google Cloud Security team and Intel INT31 researchers reviewed TDX Module 1.5 over five months using manual code reviews, custom tools, and off-the-shelf AI. The analysis found five vulnerabilities plus 35 bugs, weaknesses, and improvement opportunities. Intel patched all vulnerabilities and published an advisory listing CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467, which could enable privilege escalation and information disclosure.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]