Mengyuan Li

**Name of the Vulnerable Software and Affected Versions** AMD processors (affected versions not specified) **Description** A potential power side-channel issue in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM, potentially resulting in a leak of sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD CPUs (affected versions not specified) **Description** The issue is related to the implementation of the SEV-SNP (Secure Nested Paging) protective mechanism for virtual machines running on servers with AMD processors, which is associated with data encryption errors. An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMD EPYC Processors (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) of AMD EPYC Processors. A local authenticated attacker could potentially exploit this vulnerability, leading to the leaking of guest data by a malicious hypervisor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** A malicious hypervisor, in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM, may fail to flush the Translation Lookaside Buffer (TLB), resulting in unexpected behavior inside the virtual machine (VM). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.