Improper Access Control in IOMMU Affects AMD Products
CVE-2023-20581

2.5LOW

Key Information:

Vendor
Amd
Status
Amd Epyc™ 9004 Processors
Amd Epyc™ Embedded 9004
Vendor
CVE Published:
11 February 2025

Summary

The vulnerability arises from inadequate access control mechanisms in the IOMMU, enabling a privileged attacker to circumvent the Rapid Memory Protection (RMP) checks. This could lead to significant risks concerning the integrity of guest memory, potentially allowing unauthorized access or manipulation of memory spaces within virtualized environments. It is crucial for affected users to refer to AMD's security bulletins for guidance on mitigation and remediation strategies.

Affected Version(s)

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.7

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

References

https://www.amd.com/en/resources/product-security/bulleti...
https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.