Intel
CVE-2026-33697
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Cocos AI is a confidential computing system for AI. The current implementation of attested TLS (aTLS) in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS. In the affected design, an attacker may be able to extract the ephemeral TLS private key used during the intra-handshake attestation. Because the attestation evidence is bound to the ephemeral key but not to the TLS channel, possession of that key is sufficient to relay or divert the attested TLS session. A client will accept the connection under false assumptions about the endpoint it is communicating with - the attestation report cannot distinguish the genuine attested service from the attacker's relay. This undermines the intended authentication guarantees of attested TLS. A successful attack may allow an attacker to impersonate an attested CoCoS service and access data or operations that the client intended to send only to the genuine attested endpoint. Exploitation requires the attacker to first extract the ephemeral TLS private key, which is possible through physical access to the server hardware, transient execution attacks, or side-channel attacks. Note that the aTLS implementation was fully redesigned in v0.7.0, but the redesign does not address this vulnerability. The relay attack weakness is architectural and affects all releases in the v0.4.0-v0.8.2 range. This vulnerability class was formally analyzed and demonstrated across multiple attested TLS implementations, including CoCoS, by researchers whose findings were disclosed to the IETF TLS Working Group. Formal verification was conducted using ProVerif. As of time of publication, there is no patch available. No complete workaround is available. The following hardening measures reduce but do not eliminate the risk: Keep TEE firmware and microcode up to date to reduce the key-extraction surface; define strict attestation policies that validate all available report fields, including firmware versions, TCB levels, and platform configuration registers; and/or enable mutual aTLS with CA-signed certificates where deployment architecture permits.
AnalysisAI
Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.
Technical ContextAI
The vulnerability affects the attested TLS (aTLS) implementation in Cocos AI, a confidential computing framework supporting AMD SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging) and Intel TDX (Trust Domain Extensions) trusted execution environments. The root cause is CWE-322 (Key Exchange without Entity Authentication), where attestation evidence generated during the TLS handshake is cryptographically bound to the ephemeral TLS private key but not to the actual TLS channel endpoint. This design allows an adversary who extracts the ephemeral key through physical access, transient execution attacks (e.g., Spectre-class), or side-channel methods to replay the attestation evidence to a different server, effectively relaying the attested session. The aTLS redesign in v0.7.0 did not remediate this architectural weakness. Formal verification using ProVerif by researchers disclosed to the IETF TLS Working Group demonstrates the attack across multiple aTLS implementations, confirming this is a protocol-level design issue rather than an implementation bug.
RemediationAI
No vendor-released patch identified at time of analysis per the CVE description stating 'there is no patch available.' Organizations must implement defense-in-depth hardening measures as incomplete workarounds: maintain current TEE firmware and microcode updates from AMD (SEV-SNP BIOS/firmware) and Intel (TDX module updates) to reduce key-extraction attack surface; enforce strict attestation policy validation covering all report fields including firmware versions, TCB (Trusted Computing Base) security version numbers, and platform configuration registers to detect anomalous attestation evidence; deploy mutual aTLS with CA-signed certificates where architecture permits to add an independent authentication layer. Monitor the vendor advisory at https://github.com/ultravioletrs/cocos/security/advisories/GHSA-vfgg-mvxx-mgg7 for patch release announcements. Consider risk acceptance or service isolation for non-critical confidential computing workloads until architectural remediation is available.
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Mana
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
Local privilege escalation to SYSTEM in Intel Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys versions before 1.3.1.0
Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously cra
Same weakness CWE-322 – Key Exchange without Entity Authentication
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today