CVE-2022-23829
https://notcve.org/view.php?id=CVE-2022-23829
A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections. Una posible debilidad en las funciones de protección AMD SPI puede permitir que un atacante malicioso con acceso Ring0 (modo kernel) evite las protecciones ROM nativas del modo de administración del sistema (SMM). • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html • CWE-284: Improper Access Control •
CVE-2023-20587
https://notcve.org/view.php?id=CVE-2023-20587
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution. Un control de acceso inadecuado en el modo de administración del sistema (SMM) puede permitir que un atacante acceda a la memoria flash SPI, lo que podría provocar la ejecución de código arbitrario. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 •
CVE-2023-31347
https://notcve.org/view.php?id=CVE-2023-31347
Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity. Debido a un error de código en Secure_TSC, el firmware SEV puede permitir que un atacante con altos privilegios haga que un invitado observe un TSC incorrecto cuando Secure TSC está habilitado, lo que podría provocar una pérdida de integridad del invitado. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 •
CVE-2023-31346 – kernel: Reserved fields in guest message responses may not be zero initialized
https://notcve.org/view.php?id=CVE-2023-31346
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. No inicializar la memoria en el firmware SEV puede permitir que un atacante privilegiado acceda a datos obsoletos de otros invitados. A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 https://access.redhat.com/security/cve/CVE-2023-31346 https://bugzilla.redhat.com/show_bug.cgi?id=2250458 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •