6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.3 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.0005 Low
EPSS
Percentile
13.0%
Bulletin ID: AMD-SB-3005 **Potential Impact:**Memory integrity **Severity:**Medium
External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine (VM) memory integrity.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20592 | Medium | Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. |
1st Gen AMD EPYC™ Processors (SEV and SEV-ES)
2nd Gen AMD EPYC™ Processors (SEV and SEV-ES)
3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP)
No mitigation is available for the first or second generations of EPYC™ processors (“Zen 1”, formerly codenamed “Naples”, “Zen 2”, formerly codenamed “Rome”) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity and the SEV-SNP is not available.
As a mitigation for the potential vulnerability, AMD has provided a hot-loadable microcode patch and updated the firmware image for AMD 3rd generation EPYC™ processors (“Zen 3” microarchitecture, formerly codenamed “Milan”) for customers with the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature enabled. No performance impact is expected from the patch.
This issue has not been found to impact AMD 4th generation “Genoa” EPYC™ processors (“Zen 4” microarchitecture).
The Platform Initialization package (PI) versions listed below are planned to be released to the Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers on the target dates listed below. Please refer to your OEM for the BIOS update specific to your product.
Please note AMD is deploying the µcode patch in two ways, as a standalone patch with an updated SEV firmware image and/or as part of a platform initialization (PI) package update. For mitigation prior to Platform Initialization (PI) package release, the µcode patch and SEV firmware image should be installed. The µcode patch should be applied before initializing the SEV-SNP feature via the SNP_INIT_EX command, and if the RMP was previously initialized, the RMP should be re-initialized by setting INIT_RMP to 1. The µcode patch and SEV firmware image will be included in the PI package update when it becomes available.
CPUIDs|Mitigation Option 1|Mitigation Option 2|TCB Values
for
SNP Attestation
—|—|—|—
0x00A00F11
0x00A00F12|
Platform Initialization (PI)
(Requires FW flash)|
μcode
(Hot loadable)|
SEV FW
(Hot loadable-refer to above for instructions)|
TCB[SNP]>=0x14
**AND **B1 – TCB[MICROCODE]>=0xD1
B2 –TCB[MICROCODE]>=0x34
Minimum firmware versions to mitigate all applicable CVEs below| MilanPI 1.0.0.C
(Target Dec 2023)
CVE-2023-20592| 5.3 (Medium)| MilanPI 1.0.0.C
(Target Dec 2023)|
Milan B1 – 0x0A0011D1
Milan-X B2 – 0x0A001234| 1.37.10|
TCB[SNP]>=0x14
**AND **B1 – TCB[MICROCODE]>=0xD1
B2 –TCB[MICROCODE]>=0x34
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.3 High
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.0005 Low
EPSS
Percentile
13.0%