Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
2.4CVSS
4.6AI Score
0.001EPSS
Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
7.5CVSS
7.5AI Score
0.001EPSS
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
7.5CVSS
7.6AI Score
0.001EPSS
Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
7.5CVSS
7.5AI Score
0.001EPSS
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
5.3CVSS
5.9AI Score
0.001EPSS
Insufficient DRAM address validation in SystemManagement Unit (SMU) may allow an attacker to read/write from/to an invalidDRAM address, potentially resulting in denial-of-service.
7.5CVSS
7.5AI Score
0.001EPSS
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
7.5CVSS
7.1AI Score
0.0005EPSS
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
4.7CVSS
6.6AI Score
0.001EPSS
A privileged attackercan prevent delivery of debug exceptions to SEV-SNP guests potentiallyresulting in guests not receiving expected debug information.
3.2CVSS
4AI Score
0.0004EPSS
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
6.5CVSS
6.3AI Score
0.001EPSS
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
6.5CVSS
6.5AI Score
0.0005EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
4.4CVSS
4.5AI Score
0.0004EPSS