Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity

Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity.

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.