CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2023-20591
https://notcve.org/view.php?id=CVE-2023-20591
13 Aug 2024 — Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2023-20578
https://notcve.org/view.php?id=CVE-2023-20578
13 Aug 2024 — A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.9EPSS: 0%CPEs: 64EXPL: 1CVE-2024-21980
https://notcve.org/view.php?id=CVE-2024-21980
05 Aug 2024 — Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. • https://github.com/Freax13/cve-2024-21980-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.0EPSS: 1%CPEs: 64EXPL: 1CVE-2024-21978
https://notcve.org/view.php?id=CVE-2024-21978
05 Aug 2024 — Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. • https://github.com/Freax13/cve-2024-21978-poc • CWE-20: Improper Input Validation •