55 matches found
CVE-2021-26397
Insufficient address validation, may allow anattacker with a compromised ABL and UApp to corrupt sensitive memory locationspotentially resulting in a loss of integrity or availability.
CVE-2023-20578
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allowan attacker with ring0 privileges and access to theBIOS menu or UEFI shell to modify the communications buffer potentiallyresulting in arbitrary code execution.
CVE-2024-21978
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
CVE-2023-31355
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
CVE-2024-21980
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.