amd.com, AMD-SB-3006
Jan 09, 2024 - 12:00 a.m.

Debug Exception Delivery in Secure Nested Paging


CVSS3: 3.2 Low

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

Bulletin ID: AMD-SB-3006
Potential Impact: Suppression of guest debug exceptions
Severity: Low

Summary

A researcher has reported that a host can potentially suppress delivery of debug exceptions to SEV-SNP guests that have the restricted injection feature enabled. For example, a software-based debugger generating hardware-based exceptions for the purpose of debugging may not see the exceptions delivered to the VM guest. In particular, hardware debug traps such as single-stepping and data breakpoints may not be observed in the guest.

CVE Details

Refer to Glossary for explanation of terms

| CVE | Severity | CVE Description |
| --- | --- | --- |
| CVE-2023-20573 | Low | A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. |

Affected Products

3rd Gen AMD EPYC™ processors

4th Gen AMD EPYC™ processors

Mitigation

No mitigation is planned for this issue. SEV-SNP guests that have the alternate injection feature enabled are not affected.
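
A guest-side check for the condition described in the Summary and Mitigation sections, added here as an example and not part of AMD's bulletin. It assumes the SEV_STATUS MSR number and bit positions defined for MSR_AMD64_SEV in the Linux kernel's msr-index.h and the Linux `/dev/cpu/N/msr` driver; the function names and result labels are hypothetical.

```python
import os
import struct

# Assumption of this example: MSR number and bit positions as defined for
# MSR_AMD64_SEV in the Linux kernel (arch/x86/include/asm/msr-index.h).
MSR_SEV_STATUS = 0xC0010131
SEV_SNP = 1 << 2          # SEV-SNP active
RESTRICTED_INJ = 1 << 5   # restricted injection enabled
ALTERNATE_INJ = 1 << 6    # alternate injection enabled


def read_sev_status(cpu=0):
    """Read SEV_STATUS from inside the guest (needs root and the msr driver)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, MSR_SEV_STATUS))[0]
    finally:
        os.close(fd)


def classify(status):
    """Map a SEV_STATUS value onto the wording of AMD-SB-3006."""
    if not status & SEV_SNP:
        return "not-snp"        # bulletin only concerns SEV-SNP guests
    restricted = bool(status & RESTRICTED_INJ)
    alternate = bool(status & ALTERNATE_INJ)
    if restricted and alternate:
        return "review"         # combination not described in the bulletin
    if restricted:
        return "affected"       # host may suppress debug exception delivery
    if alternate:
        return "not-affected"   # per the Mitigation section
    return "unlisted"           # SNP guest with neither feature


if __name__ == "__main__":
    try:
        samples = {"this guest": read_sev_status()}
    except OSError:
        # Constructed sample values, used when the MSR device is unavailable.
        samples = {"constructed: SNP + restricted": 0x27,
                   "constructed: SNP + alternate": 0x47,
                   "constructed: SEV-ES only": 0x03}
    for name, value in samples.items():
        print(f"{name}: SEV_STATUS={value:#x} -> {classify(value)}")
```

A guest reported as "affected" should not rely on single-step or data-breakpoint traps being delivered, since the host can suppress them.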
