CVE | Vendors | Products | Updated | CVSS v3.1 |
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block, resulting in arbitrary code execution. |
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled, potentially resulting in a loss of guest integrity. |
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. |
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. |
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss of integrity. |
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address, causing a stack-based buffer overrun potentially leading to arbitrary code execution. |
Insufficient input validation on the model specific register VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. |
Improper input validation in ABL may enable an attacker with physical access to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. |
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. |
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP, potentially resulting in a denial of service. |
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer, potentially leading to a loss of integrity. |
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious UApp or ABL to send malformed or invalid syscalls to the bootloader, resulting in a potential denial of service and loss of integrity. |
Insufficient address validation may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations, potentially resulting in a loss of integrity or availability. |
Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. |
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. |
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM after its data has been read into memory, potentially resulting in S3 data corruption and information disclosure. |
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. |
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM, potentially leading to a loss of integrity or denial of service. |
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity. |
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. |