14 matches found
UBUNTU-CVE-2025-0031
A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLESOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity...
SEV-SNP Guest Stack Pointer Corruption Vulnerability
Summary Researchers have reported a CPU-caused stack corruption issue caused by flipping an undocumented MSR bit. AMD believes that this vulnerability occurs due to inadequate access controls, which fail to prevent the hypervisor from setting an internal configuration bit. This attack could allow...
USN-6957-1 linux-oracle-5.15 vulnerabilities
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...
PT-2024-19135 · Amd +1 · Amd Epyc Embedded 9003 Snp Firmware +1
Name of the Vulnerable Software and Affected Versions: AMD EPYC Embedded 9003 SNP Firmware affected versions not specified Description: The issue is related to improper restriction of write operations in SNP firmware, which could allow a malicious hypervisor to potentially overwrite a guest's...
AMD SEV-SNP 安全漏洞
AMD SEV-SNP is a secure encrypted virtualization firmware from UltraMicroelectronics AMD. A single key is used to encrypt system memory. AMD SEV-SNP suffers from a security vulnerability that stems from an improper restriction of write operations allowing a malicious hypervisor to potentially...
PT-2024-12279 · Unknown +1 · Scp-Firmware +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper restriction of write operations in SNP firmware. This could allow a malicious hypervisor to overwrite a guest's UMC seed,...
USN-6921-1 linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi vulnerabilities
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...
hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem
A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine VM memory integrity...
hw: amd: Instruction raise #VC exception at exit
A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...
AMD CPU Instruction Malpractice Vulnerability
AMD CPUs are a family of CPUs from AMD. The AMD CPUs suffer from an improper instruction vulnerability that stems from the fact that incorrect or unexpected behavior of the INVD instruction would allow an attacker with a malicious hypervisor to affect the cache line write-back behavior of the CPU...
DEBIAN-CVE-2023-20592
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...
UBUNTU-CVE-2023-20592
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine VM memory integrity...
Ciphertext Side Channels on AMD SEV - Lenovo Support US
No description provided...
OpenSSL Hacked and Defaced
UPDATE: A Turkish hacking group compromised and defaced over the weekend the website of OpenSSL, an open-source SSL and TLS encryption implementation resource. The website Zone-H is hosting a mirror of the defacement, in which the hacking group responsible for the attack posted the following...