AMD Patches Multiple Memory Vulnerabilities That Leads Corrupt The Guest VM
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Three potential vulnerabilities in Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) could allow an attacker to read or corrupt the memory of a guest VM.
To establish an isolated execution environment, (SEV-SNP) adds robust memory integrity protection to prevent malicious hypervisor-based attacks, including data replay, memory remapping, and more.
AMD fixes multiple memory flaws and recommends upgrading to the appropriate Platform Initialization (PI) firmware version.
Details Of Vulnerabilities
CVE-2024-21978- Improper Input Validation
With a Medium severity CVSS base score of 6.0, improper input validation in SEV-SNP could enable a malicious hypervisor to read or overwrite guest memory, which could result in data corruption or leaking.
CVE-2024-21980 – Improper Restriction of Write Operations
This issue has a CVSS base score of 7.9, indicating a high severity. A malicious hypervisor may be able to overwrite a guest’s memory or UMC seed if write operations in SNP firmware are improperly restricted. The flaw could lead to a loss of confidentiality and integrity.
CVE-2023-31355 – Improper Restriction of Write Operations
With a CVSS base score of 6.0, this flaw is classified as Medium severity. A malicious hypervisor may be able to overwrite a guest’s UMC seed through improper restriction of write operations in SEV-SNP firmware. Hence, it allows the reading of memory from a decommissioned guest. Tom Dohrmann reported the vulnerabilities.
Affected Products And Fixes Available
AMD advises upgrading to the most recent versions to defend against the numerous memory vulnerabilities.
#Cyber_Security_News #Network_Security #Vulnerability #AMD_Security #Firmware_Updates #Virtualization_Vulnerabilities
Оригинальная версия на сайте:
AMD Patches Multiple Memory Vulnerabilities That Leads Corrupt The Guest VM
Author: Raga VarshiniThree potential vulnerabilities in Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) could allow an attacker to read or corrupt the memory of a guest VM.
To establish an isolated execution environment, (SEV-SNP) adds robust memory integrity protection to prevent malicious hypervisor-based attacks, including data replay, memory remapping, and more.
AMD fixes multiple memory flaws and recommends upgrading to the appropriate Platform Initialization (PI) firmware version.
Details Of Vulnerabilities
CVE-2024-21978- Improper Input Validation
With a Medium severity CVSS base score of 6.0, improper input validation in SEV-SNP could enable a malicious hypervisor to read or overwrite guest memory, which could result in data corruption or leaking.
CVE-2024-21980 – Improper Restriction of Write Operations
This issue has a CVSS base score of 7.9, indicating a high severity. A malicious hypervisor may be able to overwrite a guest’s memory or UMC seed if write operations in SNP firmware are improperly restricted. The flaw could lead to a loss of confidentiality and integrity.
CVE-2023-31355 – Improper Restriction of Write Operations
With a CVSS base score of 6.0, this flaw is classified as Medium severity. A malicious hypervisor may be able to overwrite a guest’s UMC seed through improper restriction of write operations in SEV-SNP firmware. Hence, it allows the reading of memory from a decommissioned guest. Tom Dohrmann reported the vulnerabilities.
Affected Products And Fixes Available
- 3rd Gen AMD EPYC
Processors formerly codenamed “Milan” – Update to MilanPI 1.0.0.D - 4th Gen AMD EPYC Processors formerly codenamed “Genoa” – Update to GenoaPI 1.0.0.C
- AMD EPYC Embedded 7003 – Update to EmbMilanPI-SP3 1.0.0.9
- AMD EPYC Embedded 9003 – Update to EmbGenoaPI-SP5 1.0.0.7
AMD advises upgrading to the most recent versions to defend against the numerous memory vulnerabilities.
#Cyber_Security_News #Network_Security #Vulnerability #AMD_Security #Firmware_Updates #Virtualization_Vulnerabilities
Оригинальная версия на сайте:
