CVE-2023-20584

Summary

IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7003 ProcessorsMilanPI 1.0.0.Cunaffected
AMDAMD EPYC™ 9004 ProcessorsGenoaPI 1.0.0.Bunaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References