CVE-2023-20591
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors | MilanPI 1.0.0.B | unaffected |
| AMD | AMD EPYC™ 9004 Series Processors | Genoa 1.0.0.8 | unaffected |
| AMD | AMD EPYC™ Embedded 7003 Series Processors | EmbMilanPI-SP3 1.0.0.7 | unaffected |
| AMD | AMD EPYC™ Embedded 9003 Series Processors | EmbGenoaPI-SP5 1.0.0.3 | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.