CVE-2024-36331: 
Linux Debian vulnerability analysis and mitigation

A vulnerability (CVE-2024-36331) has been identified in AMD EPYC processors that affects the Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) feature. The vulnerability was discovered during internal audits and relates to improper management of cache coherency by the CPU (AMD Server Bulletin).

The vulnerability is characterized by improper management of cache coherency by the CPU, which could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory. The vulnerability has been assigned a CVSS v3.1 score of 3.2 (Low) with the vector string AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N, and a CVSS v4.0 score of 4.6 (Medium) with the vector string AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (AMD Server Bulletin).

The primary impact of this vulnerability is the potential loss of data integrity for SEV-SNP guests. The vulnerability specifically affects the cache coherency management, which could lead to unauthorized modification of protected guest memory (AMD Server Bulletin).

AMD has released mitigation through the Platform Initialization (PI) firmware version GenoaPI 1.0.0.F, which was released on 2025-03-28. This update specifically addresses the vulnerability in affected EPYC 9004 Series Processors (Genoa/Genoa-X and Bergamo/Siena). Users are advised to contact their OEM for the specific BIOS update for their product (AMD Server Bulletin).