Improper Access Control in IOMMU Affects AMD Products
CVE-2023-20581

2.5LOW

Key Information:

Vendor: Amd
Status: Amd Epyc™ 9004 Processors; Amd Epyc™ Embedded 9004
Vendor: CVE Published:; 11 February 2025

What is CVE-2023-20581?

The vulnerability arises from inadequate access control mechanisms in the IOMMU, enabling a privileged attacker to circumvent the Rapid Memory Protection (RMP) checks. This could lead to significant risks concerning the integrity of guest memory, potentially allowing unauthorized access or manipulation of memory spaces within virtualized environments. It is crucial for affected users to refer to AMD's security bulletins for guidance on mitigation and remediation strategies.

Affected Version(s)

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.7

AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Oct 27, 2022

Amd

What is CVE-2023-20581?

Affected Version(s)

References

CVSS V3.1

Timeline