CVE-2021-47389

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.9

Description The issue is related to a missing sev decommission in sev receive start, which can result in subsequent SEV launch failures due to firmware memory leaks. According to AMD's SEV API, RECEIVE START generates a new guest context and needs to be paired with DECOMMISSION. The RECEIVE START command is the only command other than LAUNCH START that generates a new guest context and guest handle. Local network access enables an attack, but no exploit is yet available.

Recommendations To resolve the issue, upgrade the affected Linux kernel component to a version newer than 5.14.9. As a temporary workaround, consider restricting access to the sev receive start function until a patch is available. Avoid using the RECEIVE START command without proper DECOMMISSION pairing to minimize the risk of exploitation.