CVE-2023-20584

2024-08-1317:15:19

AMD

web.nvd.nist.gov

iommu

special address ranges

attacker privileges

faults

rmp checks

sev-snp

guest integrity

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

AI Score

7.2

Confidence

Low

EPSS

Percentile

9.5%

JSON

IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "AMD EPYC™ 7003 Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "unaffected",
        "version": "MilanPI 1.0.0.C",
        "versionType": "PI"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "AMD EPYC™ 9004 Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "unaffected",
        "version": "GenoaPI 1.0.0.B"
      }
    ]
  }
]