Security bulletins

The following describes all security bulletins related to Confidential VM.

GCP-2025-058

Published: 2025-10-20

Description

A flaw has been discovered in the RDSEED instruction on AMD Zen 5 processors (Turin). RDSEED returns output from the processor's hardware entropy source and is used to seed cryptographic random number generators. Under certain system load conditions, the 16- and 32-bit forms of RDSEED can silently fail: they return a value of 0 while setting the carry flag that signals success, so a caller that checks only the carry flag accepts 0 as entropy. This could compromise applications that rely on those forms for random number generation. Customers using the 64-bit form of RDSEED are unaffected.

What should I do?

AMD is investigating the vulnerability.

It's important to note that the 64-bit Linux kernel uses the safe 64-bit form of RDSEED when it mixes hardware entropy into its pool, and that pool is what /dev/random, /dev/urandom and getrandom(2) draw from. Random numbers obtained from those interfaces are not impacted by this vulnerability.

If you have application code that obtains random numbers directly with the RDSEED instruction, be aware that the 16-bit and 32-bit forms of the instruction (the _rdseed16_step and _rdseed32_step intrinsics, or rdseed with a 16- or 32-bit register operand such as rdseed eax in disassembly) are insecure on affected processors. The 64-bit form (_rdseed64_step, rdseed rax) is safe. In every form, RDSEED may legitimately report that no entropy is available yet (carry flag clear); callers must retry in that case rather than use the register contents.
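The application-code case above, as an added example that is not code from the bulletin or from Google: a C program that draws entropy with the 64-bit form of RDSEED the way the bulletin describes as safe (check the carry flag, retry while it is clear), next to the affected 32-bit form. It assumes GCC or Clang on x86-64 with inline assembly; on any other target it compiles but reports RDSEED as unsupported. The cpu_is_amd_zen5 check uses CPUID family 0x1A, which is how Zen 5 parts identify themselves; the rdseed32_hardened wrapper, which rejects a zero result even when the carry flag says success, is this example's own defensive workaround for code that cannot yet switch to the 64-bit form, not guidance from the bulletin.

```c
/* Added example, not code from the Google Cloud bulletin: calling RDSEED
 * directly from x86-64 application code in the way the bulletin describes as
 * safe (64-bit form, retry on CF=0), next to the affected 32-bit form.
 * Build: cc -std=c11 -O2 rdseed_example.c */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rdseed_status { RDSEED_OK = 0, RDSEED_UNSUPPORTED = 1, RDSEED_EXHAUSTED = 2 };

#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#include <cpuid.h>

/* CPUID.(EAX=7,ECX=0):EBX bit 18 advertises RDSEED. */
int rdseed_supported(void) {
    unsigned a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d)) return 0;
    return (int)((b >> 18) & 1u);
}

/* AMD family 0x1A is Zen 5, the generation named in the bulletin. */
int cpu_is_amd_zen5(void) {
    unsigned a, b, c, d;
    if (!__get_cpuid(0, &a, &b, &c, &d)) return 0;
    if (b != 0x68747541u || d != 0x69746e65u || c != 0x444d4163u) return 0; /* "AuthenticAMD" */
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
    unsigned family = (a >> 8) & 0xfu;
    if (family == 0xfu) family += (a >> 20) & 0xffu;
    return family == 0x1au;
}

/* One draw with the 64-bit form. Returns CF: 1 = *out holds fresh entropy,
 * 0 = no entropy available right now (caller must retry). */
static int rdseed64_once(uint64_t *out) {
    unsigned char cf;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=qm"(cf) : : "cc");
    return cf;
}

/* One draw with the 32-bit form, the instruction the bulletin says is
 * affected. A caller that trusts CF alone here is the at-risk pattern. */
static int rdseed32_once(uint32_t *out) {
    unsigned char cf;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(*out), "=qm"(cf) : : "cc");
    return cf;
}
#else
/* Non-x86-64 build: report RDSEED as unavailable rather than fail to compile. */
int rdseed_supported(void) { return 0; }
int cpu_is_amd_zen5(void) { return 0; }
static int rdseed64_once(uint64_t *out) { *out = 0; return 0; }
static int rdseed32_once(uint32_t *out) { *out = 0; return 0; }
#endif

/* Safe pattern: fill n words using only the 64-bit form, retrying while CF=0. */
enum rdseed_status rdseed64_fill(uint64_t *out, size_t n, unsigned max_tries) {
    if (!rdseed_supported()) return RDSEED_UNSUPPORTED;
    for (size_t i = 0; i < n; i++) {
        unsigned tries = 0;
        while (!rdseed64_once(&out[i]))
            if (++tries >= max_tries) return RDSEED_EXHAUSTED;
    }
    return RDSEED_OK;
}

/* Defensive wrapper for code that cannot yet move to the 64-bit form. This is
 * the example's own workaround, not guidance from the bulletin: a 0 result is
 * rejected even when CF=1, because that is exactly the affected outcome and a
 * genuine 32-bit seed of 0 occurs with probability 2^-32. */
enum rdseed_status rdseed32_hardened(uint32_t *out, unsigned max_tries) {
    if (!rdseed_supported()) return RDSEED_UNSUPPORTED;
    for (unsigned t = 0; t < max_tries; t++) {
        uint32_t v;
        if (rdseed32_once(&v) && v != 0) { *out = v; return RDSEED_OK; }
    }
    return RDSEED_EXHAUSTED;
}

int main(void) {
    uint64_t seed[4];
    printf("RDSEED supported: %d, AMD Zen 5: %d\n", rdseed_supported(), cpu_is_amd_zen5());
    enum rdseed_status st = rdseed64_fill(seed, 4, 64);
    if (st == RDSEED_OK)
        printf("64-bit seed word: %016llx\n", (unsigned long long)seed[0]);
    else
        printf("rdseed64_fill status: %d\n", (int)st);
    return 0;
}
```

Run it on the host you care about: a CPU without RDSEED, or a non-x86-64 build, makes every call return RDSEED_UNSUPPORTED, and the right fallback in that case is getrandom(2), not the 32-bit form. RDSEED_EXHAUSTED after a bounded number of retries is the normal outcome under heavy load and should also fall back rather than spin forever.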

What vulnerabilities are being addressed?

This vulnerability allows an attacker to cause the 16- and 32-bit forms of RDSEED to silently fail (return 0 while signalling success), potentially compromising random number generation in applications that use those forms.

Severity: High

GCP-2025-007

Published: 2025-02-03

Description

Google has discovered a vulnerability in AMD Zen-based CPUs that affects Confidential VM instances with AMD SEV-SNP enabled. An attacker with root (local administrator) privileges on the physical host can use it to load malicious microcode and thereby compromise the confidentiality and integrity of a Confidential VM instance running on that host (CVE-2024-56161).

Google has applied fixes to the affected assets, including Google Cloud, to ensure customers are protected. At this time, no evidence of exploitation has been found or reported to Google.

What should I do?

No customer action is required. Customers who want to verify the fix can check the TCB_VERSION in the attestation report of their Confidential VM instance with AMD SEV-SNP. A TCB version is a set of per-component security version numbers (SVNs), not a single number: the fix is present when each of the components listed below is at or above the stated minimum.

SNP TCB SVN: 0x18 (decimal 24)
tcb_version {
  psp_bootloader_version: 4
  snp_firmware_version: 24 (0x18)
  microcode_version: 219
}

For more information, see AMD security bulletin AMD-SB-3019.
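The TCB check described above, as an added example that is not code from the bulletin or from Google's attestation tooling: a C decoder for the TCB_VERSION fields of a raw SEV-SNP attestation report, compared against the GCP-2025-007 minimums. Field offsets (CURRENT_TCB at 0x38, REPORTED_TCB at 0x180, COMMITTED_TCB at 0x1E0 in the 1184-byte report) and the TCB_VERSION byte layout follow the AMD SEV-SNP ABI specification. The report bytes are constructed inline for the example; a real report comes from the guest's /dev/sev-guest device and its signature must be verified before any field is trusted. The choice to require both CURRENT_TCB and REPORTED_TCB to meet the minimum is this example's own policy.

```c
/* Added example, not code from the Google Cloud bulletin or from Google's
 * attestation tooling: decode the TCB_VERSION fields of a raw SEV-SNP
 * attestation report and check them against the GCP-2025-007 minimums.
 * Field offsets and the TCB_VERSION byte layout follow the AMD SEV-SNP ABI
 * specification (ATTESTATION_REPORT structure). The report bytes built here
 * are constructed for the example; a real report comes from the guest's
 * /dev/sev-guest device and must have its signature verified first. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SNP_REPORT_SIZE   0x4A0   /* 1184-byte ATTESTATION_REPORT */
#define OFF_CURRENT_TCB   0x038   /* TCB the platform is running now */
#define OFF_REPORTED_TCB  0x180   /* TCB the signing VCEK is derived from */
#define OFF_COMMITTED_TCB 0x1E0

/* TCB_VERSION is a little-endian u64; its bytes, low to high, are:
 * [0] BOOT_LOADER  [1] TEE  [2..5] reserved  [6] SNP  [7] MICROCODE */
struct tcb_version { uint8_t boot_loader, tee, snp, microcode; };

struct tcb_version tcb_decode(uint64_t raw) {
    struct tcb_version t;
    t.boot_loader = (uint8_t)raw;
    t.tee         = (uint8_t)(raw >> 8);
    t.snp         = (uint8_t)(raw >> 48);
    t.microcode   = (uint8_t)(raw >> 56);
    return t;
}

/* Read a little-endian u64 field; rejects reports of the wrong size. */
int snp_report_u64(const uint8_t *report, size_t len, size_t off, uint64_t *raw) {
    if (len != SNP_REPORT_SIZE || off + 8 > len) return 0;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | report[off + (size_t)i];
    *raw = v;
    return 1;
}

/* Minimums from the bulletin: bootloader 4, SNP firmware 24 (0x18),
 * microcode 219. No TEE minimum is listed, so TEE is not compared. */
static const struct tcb_version GCP_2025_007_MIN = { 4, 0, 24, 219 };

/* A TCB is a tuple of SVNs, not one number: every listed component must be
 * at or above its minimum. */
int tcb_meets_minimum(struct tcb_version have, struct tcb_version min) {
    return have.boot_loader >= min.boot_loader &&
           have.snp >= min.snp &&
           have.microcode >= min.microcode;
}

/* Example policy: require both CURRENT_TCB (what is running) and REPORTED_TCB
 * (what the signing key attests to) to meet the minimum. A platform may
 * legitimately report an older TCB than it runs, and that alone would not
 * prove the fix is in place. */
int report_is_mitigated(const uint8_t *report, size_t len) {
    uint64_t cur, rep;
    if (!snp_report_u64(report, len, OFF_CURRENT_TCB, &cur)) return 0;
    if (!snp_report_u64(report, len, OFF_REPORTED_TCB, &rep)) return 0;
    return tcb_meets_minimum(tcb_decode(cur), GCP_2025_007_MIN) &&
           tcb_meets_minimum(tcb_decode(rep), GCP_2025_007_MIN);
}

/* Constructed report: the same TCB_VERSION in all three TCB fields, all other
 * bytes zero (so the signature is meaningless; this exercises the decoder only). */
void make_fake_report(uint8_t *buf, uint8_t bl, uint8_t tee, uint8_t snp, uint8_t ucode) {
    uint8_t tcb[8] = { bl, tee, 0, 0, 0, 0, snp, ucode };
    memset(buf, 0, SNP_REPORT_SIZE);
    memcpy(buf + OFF_CURRENT_TCB, tcb, 8);
    memcpy(buf + OFF_REPORTED_TCB, tcb, 8);
    memcpy(buf + OFF_COMMITTED_TCB, tcb, 8);
}

int main(void) {
    uint8_t report[SNP_REPORT_SIZE];
    make_fake_report(report, 4, 0, 24, 219);
    printf("bl=4 snp=24 ucode=219 -> mitigated: %d\n", report_is_mitigated(report, sizeof report));
    make_fake_report(report, 4, 0, 23, 219);
    printf("bl=4 snp=23 ucode=219 -> mitigated: %d\n", report_is_mitigated(report, sizeof report));
    return 0;
}
```

To use it against a real report, replace the constructed buffer with the 1184-byte report body returned by the guest device, after verifying the report's signature against the VCEK certificate chain; comparing TCB fields from an unverified report proves nothing.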

Severity: High

Notes: CVE-2024-56161

GCP-2024-046

Published: 2024-08-05

Description

AMD has notified Google about three new firmware vulnerabilities (two medium risk, one high risk) affecting SEV-SNP on AMD EPYC 3rd generation (Milan) and 4th generation (Genoa) CPUs.

Google has applied fixes to the affected assets, including Google Cloud, to ensure customers are protected. At this time, no evidence of exploitation has been found or reported to Google.

What should I do?

No customer action is required. Fixes have already been applied to the Google server fleet.

For more information, see AMD security advisory AMD-SN-3011.

Severity: Medium–High

Notes: CVE-2023-31355, CVE-2024-21978, CVE-2024-21980

GCP-2024-009

Published: 2024-02-13

Description

On February 13, 2024, AMD disclosed two vulnerabilities affecting SEV-SNP on EPYC CPUs based on third generation "Milan" and fourth generation "Genoa" Zen cores. The vulnerabilities allow a privileged (host-side) attacker to access stale data from guests or to cause a loss of guest integrity.

Google has applied fixes to affected assets, including Google Cloud, to ensure customers are protected. At this time, no evidence of exploitation has been found or reported to Google.

What should I do?

No customer action is required. Fixes have already been applied to the Google server fleet for Google Cloud, including Compute Engine.

For more information, see AMD security advisory AMD-SN-3007.

Severity: Medium

Notes: CVE-2023-31346, CVE-2023-31347