CVE-2024-36331

Description

Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Affected products

AMD / AMD EPYC™ 9004 Series ProcessorsGenoaPI_1.0.0.F – GenoaPI_1.0.0.F
AMD / AMD EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-1.0.0.A – EmbGenoaPI-1.0.0.A
AMD / EPYC™ Embedded 9004 Series ProcessorsEmbGenoaPI-1.0.0.A – EmbGenoaPI-1.0.0.A

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html
MISChttps://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html