Jan Wichelmann

**Name of the Vulnerable Software and Affected Versions** AMD CPUs (affected versions not specified) **Description** The issue is related to the implementation of the SEV-SNP (Secure Nested Paging) protective mechanism for virtual machines running on servers with AMD processors, which is associated with data encryption errors. An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD SEV/SEV-ES feature (affected versions not specified) **Description** The issue concerns the AMD SEV/SEV-ES feature, where memory can be rearranged in the guest address space without being detected by the attestation mechanism. This could potentially be exploited by a malicious hypervisor to achieve arbitrary code execution within the guest VM, provided a malicious administrator has access to compromise the server hypervisor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.