Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-0171
Summary
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
References
Advisory Timeline
- Published