3 matches found
CVE-2024-21978
CVE-2024-21978 involves improper input validation in SEV-SNP, enabling a malicious hypervisor with Local access and low complexity to read or overwrite guest memory, risking data leakage and data corruption. Reports tie this to AMD SEV-SNP firmware; advisories (AMD SB) indicate the issue is addre...
CVE-2024-21980
The CVE-2024-21980 issue is in AMD SNP firmware (SEV-SNP). The root cause is improper restriction of write operations in SNP firmware, which could allow a local malicious hypervisor to overwrite a guest VM’s memory or the UMC seed, leading to loss of confidentiality and integrity. Documents consi...
CVE-2023-31355
CVE-2023-31355 is associated with SNP firmware write restrictions; a malicious hypervisor could overwrite a guest’s UMC seed and potentially read memory from a decommissioned guest. Connected advisories (Fedora Linux-firmware updates around 2025-03-11) provide concrete remediation: update linux-f...