ByteOS

CVSS Score-6.5||MEDIUM

EPSS-0.47% / 65.10%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 18:29

Updated-27 Nov, 2024 | 16:01

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.

Product-epyc_7543 epyc_7502_firmware epyc_7402 epyc_7262_firmware epyc_9254_firmware epyc_7451 epyc_9354p epyc_embedded_3251_firmware epyc_7f32 epyc_7551_firmware epyc_7272_firmware epyc_7573x epyc_7713p epyc_7443 epyc_7513 epyc_9684x_firmware epyc_embedded_3201_firmware epyc_7232p_firmware epyc_9534 epyc_7702 epyc_7453 epyc_7373x epyc_7513_firmware epyc_9334_firmware epyc_9454p_firmware epyc_7542 epyc_9454 epyc_7281_firmware epyc_7413_firmware epyc_9534_firmware epyc_9754_firmware epyc_9384x_firmware epyc_7643_firmware epyc_7f52 epyc_9274f_firmware epyc_embedded_3151_firmware epyc_75f3 epyc_7373x_firmware epyc_7f32_firmware epyc_7502 epyc_7662_firmware epyc_7f72_firmware epyc_75f3_firmware epyc_9184x_firmware epyc_7473x_firmware epyc_7343_firmware epyc_9754s_firmware epyc_7281 epyc_7551 epyc_9634_firmware epyc_9174f_firmware epyc_7551p epyc_7313p epyc_embedded_3101 epyc_9124_firmware epyc_7551p_firmware epyc_7601_firmware epyc_embedded_3451_firmware epyc_7573x_firmware epyc_7352 epyc_7401 epyc_7713_firmware epyc_7742 epyc_7272 epyc_9254 epyc_7713 epyc_9474f_firmware epyc_7443p_firmware epyc_7773x epyc_embedded_3451 epyc_9634 epyc_9554p_firmware epyc_embedded_3201 epyc_7742_firmware epyc_7501 epyc_7501_firmware epyc_7301_firmware epyc_7443_firmware epyc_7402p epyc_7343 epyc_7252_firmware epyc_7543_firmware epyc_7542_firmware epyc_7763_firmware epyc_9274f epyc_9734 epyc_9454p epyc_9734_firmware epyc_7313p_firmware epyc_7252 epyc_7502p epyc_7351p_firmware epyc_7302p_firmware epyc_9124 epyc_embedded_3251 epyc_9354 epyc_embedded_3101_firmware epyc_7642_firmware epyc_7452 epyc_7543p_firmware epyc_9374f_firmware epyc_7401p epyc_9554_firmware epyc_7601 epyc_embedded_3255_firmware epyc_7302 epyc_7232p epyc_7663 epyc_7773x_firmware epyc_72f3_firmware epyc_7f72 epyc_9174f epyc_7662 epyc_7642 epyc_7473x epyc_7451_firmware epyc_9754 epyc_7532_firmware epyc_7502p_firmware epyc_7413 epyc_7301 epyc_7401p_firmware epyc_9384x epyc_9554p epyc_9654_firmware epyc_9654 epyc_9684x epyc_7313 epyc_7351p epyc_7663_firmware epyc_9474f epyc_7351_firmware epyc_7251 epyc_9754s epyc_7302p epyc_7702p_firmware epyc_74f3_firmware epyc_9654p epyc_7302_firmware epyc_7763 epyc_9454_firmware epyc_5552 epyc_embedded_3151 epyc_embedded_3255 epyc_9374f epyc_7402_firmware epyc_7713p_firmware epyc_73f3_firmware epyc_7702p epyc_9654p_firmware epyc_7f52_firmware epyc_7262 epyc_9334 epyc_7251_firmware epyc_7401_firmware epyc_72f3 epyc_7643 epyc_5552_firmware epyc_9354_firmware epyc_7402p_firmware epyc_7452_firmware epyc_7351 epyc_9354p_firmware epyc_9224_firmware epyc_7313_firmware epyc_7543p epyc_7443p epyc_9184x epyc_7453_firmware epyc_9224 epyc_7702_firmware epyc_7352_firmware epyc_74f3 epyc_7532 epyc_9554 epyc_73f3 3rd Gen AMD EPYC™ Processors 4th Gen AMD EPYC™ Processors 1st Gen AMD EPYC™ Processors 2nd Gen AMD EPYC™ Processors

CWE ID-CWE-203

Observable Discrepancy

CVE-2022-27672

CVSS Score-4.7||MEDIUM

EPSS-0.23% / 46.04%

7 Day CHG~0.00%

Published-14 Feb, 2023 | 19:34

Updated-13 Apr, 2026 | 20:16

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.

CVE-2021-46744

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 27.89%

7 Day CHG~0.00%

Published-11 May, 2022 | 16:40

Updated-16 Sep, 2024 | 23:46

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.

CWE ID-CWE-203

Observable Discrepancy

CVE-2020-12966

CVSS Score-5.5||MEDIUM

EPSS-0.14% / 33.66%

7 Day CHG~0.00%

Published-04 Feb, 2022 | 22:29

Updated-17 Sep, 2024 | 01:06

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor.

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-26340

CVSS Score-8.4||HIGH

EPSS-0.06% / 18.40%

7 Day CHG~0.00%

Published-10 Dec, 2021 | 21:55

Updated-16 Sep, 2024 | 16:29

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM).

CVE-2021-26311

CVSS Score-7.2||HIGH

EPSS-1.28% / 79.98%

7 Day CHG~0.00%

Published-13 May, 2021 | 11:06

Updated-17 Sep, 2024 | 04:25

AMD Secure Encrypted Virtualization

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

CWE ID-CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2020-12967

CVSS Score-7.2||HIGH

EPSS-1.61% / 82.14%

7 Day CHG~0.00%

Published-13 May, 2021 | 11:06

Updated-16 Sep, 2024 | 18:55

AMD Secure Encrypted Virtualization

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.