CVE-2023-20591

Summary

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
AMDAMD EPYC™ 7003 Series ProcessorsMilanPI 1.0.0.Bunaffected
AMDAMD EPYC™ 9004 Series ProcessorsGenoa 1.0.0.8unaffected
AMDAMD EPYC™ Embedded 7003 Series ProcessorsEmbMilanPI-SP3 1.0.0.7unaffected
AMDAMD EPYC™ Embedded 9003 Series ProcessorsEmbGenoaPI-SP5 1.0.0.3unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References