| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper input validation in ABL may enable an
attacker with physical access, to perform arbitrary memory overwrites,
potentially leading to a loss of integrity and code execution.
|
| Insufficient syscall input validation in the ASP
Bootloader may allow a privileged attacker to execute arbitrary DMA copies,
which can lead to code execution.
|
| Improper validation of DRAM addresses in SMU may
allow an attacker to overwrite sensitive memory locations within the ASP
potentially resulting in a denial of service.
|
| Insufficient input validation in the SMU may
enable a privileged attacker to write beyond the intended bounds of a shared
memory buffer potentially leading to a loss of integrity.
|
| Insufficient validation of inputs in
SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an
attacker with a malicious Uapp or ABL to send malformed or invalid syscall to
the bootloader resulting in a potential denial of service and loss of
integrity.
|
| Insufficient validation in parsing Owner's
Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)
and SEV-ES user application can lead to a host crash potentially resulting in
denial of service.
|
| Insufficient address validation, may allow an
attacker with a compromised ABL and UApp to corrupt sensitive memory locations
potentially resulting in a loss of integrity or availability.
|
| Insufficient input validation of mailbox data in the
SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially
leading to a loss of integrity and privilege escalation.
|
| A compromised or malicious ABL or UApp could
send a SHA256 system call to the bootloader, which may result in exposure of
ASP memory to userspace, potentially leading to information disclosure.
|
| A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
|
| Insufficient bounds checking in ASP may allow an
attacker to issue a system call from a compromised ABL which may cause
arbitrary memory values to be initialized to zero, potentially leading to a
loss of integrity.
|
| Insufficient input validation in the SMU may
allow an attacker to corrupt SMU SRAM potentially leading to a loss of
integrity or denial of service. |
| IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity. |
| Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. |
|
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
|
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. |
| Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. |
| Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. |
| Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
|
|
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
|
