Linux · Linux Kernel · CVE-2021-47389
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 5.14.9
**Description**
The issue is a missing `sev_decommission` call in `sev_receive_start`, which can result in subsequent SEV launch failures due to firmware memory leaks. According to AMD's SEV API, `RECEIVE_START` generates a new guest context and needs to be paired with `DECOMMISSION`. `RECEIVE_START` is the only command other than `LAUNCH_START` that generates a new guest context and guest handle. Local network access enables an attack, but no exploit is yet available.
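The following user-space model is an added illustration, not kernel code or code from the fix. It shows how an error return after `RECEIVE_START` without `DECOMMISSION` leaks a firmware guest context until a later launch fails. The context limit, the function names and the simulated failing step are assumptions made for the model.

```c
#include <stdio.h>

#define FW_MAX_CONTEXTS 4 /* constructed limit; real firmware limits differ */
static int fw_in_use[FW_MAX_CONTEXTS];

/* Models a command that creates a guest context (LAUNCH_START or
 * RECEIVE_START). Returns a handle >= 1, or 0 if no context is free. */
static unsigned int fw_new_context(void)
{
    for (unsigned int i = 0; i < FW_MAX_CONTEXTS; i++)
        if (!fw_in_use[i]) { fw_in_use[i] = 1; return i + 1; }
    return 0;
}

/* Models DECOMMISSION: frees the context behind a handle. */
static void fw_decommission(unsigned int handle)
{
    if (handle >= 1 && handle <= FW_MAX_CONTEXTS)
        fw_in_use[handle - 1] = 0;
}

/* Receive path. fail_later simulates a hypothetical later step failing.
 * pair_decommission == 0 is the defect, 1 is the corrected error path. */
static int receive_start(int fail_later, int pair_decommission)
{
    unsigned int handle = fw_new_context();
    if (!handle)
        return -1;
    if (fail_later) {
        if (pair_decommission)
            fw_decommission(handle);
        return -1;
    }
    return (int)handle;
}

/* Resets the model, runs n failing receives, then reports whether a
 * subsequent context creation (standing in for LAUNCH_START) succeeds. */
static int launch_ok_after_failures(int n, int pair_decommission)
{
    for (int i = 0; i < FW_MAX_CONTEXTS; i++) fw_in_use[i] = 0;
    for (int i = 0; i < n; i++) receive_start(1, pair_decommission);
    return fw_new_context() != 0;
}

int main(void)
{
    printf("unpaired=%d paired=%d\n", launch_ok_after_failures(4, 0), launch_ok_after_failures(4, 1));
    return 0;
}
```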
**Recommendations**
To resolve the issue, upgrade the affected Linux kernel component to a version newer than 5.14.9. As a temporary workaround, consider restricting access to the `sev_receive_start` function until a patch is available. Avoid using the `RECEIVE_START` command without proper `DECOMMISSION` pairing to minimize the risk of exploitation.