CVE-2023-20582

Summary

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 9004 ProcessorsGenoaPI 1.0.0.Cunaffected
AMDAMD EPYC™ 9004 ProcessorsSEV FW1.55.36unaffected
AMDAMD EPYC™ Embedded 9004EmbGenoaPI-SP5 1.0.0.7unaffected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References