Freax13

6 exploits Active since Oct 2023
CVE-2024-21978 NOMISEC MEDIUM WORKING POC
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.d - Unauthenticated Memory Read/Write via SEV-SNP Input Validation
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
9 stars
CVSS 6.0
CVE-2024-21980 NOMISEC HIGH WORKING POC
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.d - Memory Corruption via SNP Firmware Write Operations
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
8 stars
CVSS 7.9
CVE-2023-46813 NOMISEC HIGH WORKING POC
Linux kernel <6.5.9 - Privilege Escalation
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.
8 stars
CVSS 7.0
CVE-2023-31355 NOMISEC MEDIUM WORKING POC
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.d - Memory Read via UMC Seed Overwrite
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
8 stars
CVSS 6.0
CVE-2023-20573 NOMISEC LOW WORKING POC
AMD EPYC Firmware - Debug Exception Delivery Failure
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
6 stars
CVSS 3.2
CVE-2023-31346 NOMISEC MEDIUM WORKING POC
AMD EPYC 7003 Series Firmware < milanpi_1.0.0.c - Privileged Stale Data Exposure via Uninitialized Memory
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
1 stars
CVSS 6.0