Home
MEDIUM: 4.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:NDefault status
affected
Genoa++_1.0.0.H
unaffected
Default status
affected
MilanPI 1.0.0.H
unaffected
Default status
affected
TurinPI 1.0.0.6
unaffected
Default status
affected
Genoa++_1.0.0.H
unaffected
Default status
affected
EmbMilanPI-SP3 v9 1.0.0.C
unaffected
Default status
affected
EmbGenoaPI-SP5 1.0.0.C
unaffected
Default status
affected
EmbTurinPI-SP5_1.0.0.1
unaffected
Default status
affected
EmbGenoaPI-SP5 1.0.0.C
unaffected
Default status
affected
EmbGenoaPI-SP5 1.0.0.C
unaffected
Description
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Problem types
CWE-1220 Insufficient Granularity of Access Control
Product status
Genoa++_1.0.0.H
MilanPI 1.0.0.H
TurinPI 1.0.0.6
Genoa++_1.0.0.H
EmbMilanPI-SP3 v9 1.0.0.C
EmbGenoaPI-SP5 1.0.0.C
EmbTurinPI-SP5_1.0.0.1
EmbGenoaPI-SP5 1.0.0.C
EmbGenoaPI-SP5 1.0.0.C
References
www.amd.com/...es/product-security/bulletin/AMD-SB-3023.html