CVE-2023-20584

IOMMU improperly handles certain special addressranges with invalid device table entries (DTEs), which may allow an attackerwith privileges and a compromised Hypervisor toinduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to aloss of guest integrity.

CVE-2023-20591

Improper re-initialization of IOMMU during the DRTM eventmay permit an untrusted platform configuration to persist, allowing an attackerto read or modify hypervisor memory, potentially resulting in loss ofconfidentiality, integrity, and availability.

CVE-2021-26344

An out of bounds memory write when processing the AMDPSP1 Configuration Block (APCB) could allow an attacker with access the abilityto modify the BIOS image, and the ability to sign the resulting image, topotentially modify the APCB block resulting in arbitrary code execution.

CVE-2023-20578

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allowan attacker with ring0 privileges and access to theBIOS menu or UEFI shell to modify the communications buffer potentiallyresulting in arbitrary code execution.

CVE-2024-21978

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.