What's the problem?
Obvious thing is, if SEV is not yet available to the market, doesn't matter how much security fails they find, considering that the final product to be launched doesn't have them.
In fact, is a good sign they're finding vulnerabilities: because this way AMD have the opportunity to fix them before launching SEV as a final product. Am I wrong?