Description
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None
Affected products
- AMD / AMD EPYC™ 7003 Series ProcessorsMilan PI 1.0.0.D – Milan PI 1.0.0.D
- AMD / AMD EPYC™ 7003 Series ProcessorsSEV FW 1.55.22 (hex 1.37.16) – SEV FW 1.55.22 (hex 1.37.16)
- AMD / AMD EPYC™ 9004 Series ProcessorGenoa PI 1.0.0.D – Genoa PI 1.0.0.D
- AMD / AMD EPYC™ 9004 Series ProcessorSEV FW 1.55.38 (hex 1.37.26) – SEV FW 1.55.38 (hex 1.37.26)