Several security issues have been identified in the VMware ESIx virtual machine monitor (VMM). A use-after-free (UAF) vulnerability in PVNVRAM, a missing return value check in EHCI USB controller leading to private heap information disclosure, and several out-of-bounds reads.
9736a651dce3d31a53e949929fa5e638854317668ea1eefa6f0e52872f79d3a2
AMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.
54e8e560ed6f2e12e8bd0223096ce8c586842a0a89aebf2c3ac2adafd44af784
AMD PSP suffers from an fTPM remote code execution vulnerability that can be performed through a crafted EK certificate.
f9c8289131682ca48d57d371a9ee2975ddecf1a6c3fd728766645cc43f6c8cca