CVE-2023-31346

Failure to initializememory in SEV Firmware may allow a privileged attacker to access stale datafrom other guests.

CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

CVE-2021-46744

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.

CVE-2023-20584

IOMMU improperly handles certain special addressranges with invalid device table entries (DTEs), which may allow an attackerwith privileges and a compromised Hypervisor toinduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to aloss of guest integrity.

CVE-2023-20575

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.

CVE-2021-46775

Improper input validation in ABL may enable anattacker with physical access, to perform arbitrary memory overwrites,potentially leading to a loss of integrity and code execution.

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.