SEV firmware
by AMD
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26408 | AMD / SEV firmware | High | 0.46 | 7.1 | 0.00 | | May 10, 2022 | Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration, potentially resulting in loss of guest integrity or confidentiality. |
| CVE-2025-52536 | AMD / SEV firmware | Medium | 0.44 | — | 0.00 | | Feb 10, 2026 | Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware, potentially resulting in a loss of integrity. |
| CVE-2023-31352 | AMD / SEV firmware | Medium | 0.39 | 6.0 | 0.00 | | Feb 11, 2025 | A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data. |
| CVE-2025-29952 | AMD / SEV firmware | Medium | 0.38 | — | 0.00 | | Feb 10, 2026 | Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin-privileged attacker to corrupt RMP-covered memory, potentially resulting in loss of guest memory integrity. |
| CVE-2021-46768 | AMD / SEV firmware | Medium | 0.36 | 5.5 | 0.00 | | Jan 11, 2023 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. |
| CVE-2021-26404 | AMD / SEV firmware | Medium | 0.36 | 5.5 | 0.00 | | Jan 11, 2023 | Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes, leading to potential information disclosure. |
| CVE-2021-26321 | AMD / SEV firmware | Medium | 0.36 | 5.5 | 0.00 | | Nov 16, 2021 | Insufficient ID command validation in the SEV firmware may allow a local authenticated attacker to perform a denial of service of the PSP. |
| CVE-2021-26320 | AMD / SEV firmware | Medium | 0.36 | 5.5 | 0.00 | | Nov 16, 2021 | Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV firmware may allow a local authenticated attacker to perform a denial of service of the PSP. |
| CVE-2025-48517 | AMD / SEV firmware | Medium | 0.30 | — | 0.00 | | Feb 10, 2026 | Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests, potentially resulting in a partial loss of confidentiality. |
| CVE-2025-0031 | AMD / SEV firmware | Medium | 0.30 | — | 0.00 | | Feb 10, 2026 | A use after free in the SEV firmware could allow a malicious hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent, potentially resulting in loss of integrity. |
| CVE-2025-29946 | AMD / SEV firmware | Medium | 0.29 | — | 0.00 | | Feb 10, 2026 | Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware: the IOMMU is not fully flushed. This can potentially lead to a loss of confidentiality and integrity in guest memory. |
| CVE-2023-31356 | AMD / SEV firmware | Medium | 0.29 | 4.4 | 0.00 | | Aug 13, 2024 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. |
| CVE-2025-48514 | AMD / SEV firmware | Medium | 0.26 | — | 0.00 | | Feb 10, 2026 | Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES guest to attack an SNP guest, potentially resulting in a loss of confidentiality. |
| CVE-2024-2502 | AMD / SEV firmware | Low | 0.13 | 2.0 | 0.00 | | Aug 29, 2024 | An application can be configured to block boot attempts after consecutive tamper resets are detected, which may not occur as expected. This is possible because the TAMPERRSTCAUSE register may not be properly updated when a level 4 tamper event (a tamper reset) occurs. This… |
| CVE-2023-31347 | AMD / SEV firmware | | 0.00 | — | 0.00 | | Feb 13, 2024 | Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled, potentially resulting in a loss of guest integrity. |