Debug Exception Delivery in Secure Nested Paging
CVE-2023-20573

3.2LOW

Key Information:

Vendor: AMD
Status: 3rd Gen AMD EPYC™ Processors; 4th Gen AMD EPYC™ Processors
Vendor: CVE Published:; 11 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists wherein a privileged attacker can interfere with the delivery of debug exceptions to Secure Encrypted Virtualization (SEV) with Secure Nested Paging (SNP) guests. This action may prevent these guests from receiving the necessary debug information, potentially affecting overall system performance and security monitoring. The flaw raises significant concerns regarding the integrity and reliability of debugging processes within affected environments.

Affected Version(s)

3rd Gen AMD EPYC™ Processors x86 various

4th Gen AMD EPYC™ Processors x86 Various

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2023-20573-poc
Created by Freax13

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 11, 2024
🟡
Public PoC available
Mar 11, 2023
👾
Exploit known to exist
Mar 11, 2023
Vulnerability Reserved
Oct 27, 2022

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)