Improper Access Control in IOMMU Affects AMD Products
CVE-2023-20581
2.5LOW
Key Information:
- Vendor
Amd
- Vendor
- CVE Published:
- 11 February 2025
What is CVE-2023-20581?
The vulnerability arises from inadequate access control mechanisms in the IOMMU, enabling a privileged attacker to circumvent the Rapid Memory Protection (RMP) checks. This could lead to significant risks concerning the integrity of guest memory, potentially allowing unauthorized access or manipulation of memory spaces within virtualized environments. It is crucial for affected users to refer to AMD's security bulletins for guidance on mitigation and remediation strategies.
Affected Version(s)
AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C
AMD EPYC™ Embedded 9004 EmbGenoaPI-SP5 1.0.0.7
AMD EPYC™ 9004 Processors GenoaPI 1.0.0.C