Persistence of Untrusted Platform Configuration Risks Memory Access
CVE-2023-20591
6.5MEDIUM
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 7003 Series Processors
- Amd Epyc™ 9004 Series Processors
- Amd Epyc™ Embedded 7003 Series Processors
- Amd Epyc™ Embedded 9003 Series Processors
- Vendor
- CVE Published:
- 13 August 2024
Summary
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
Affected Version(s)
AMD EPYC™ 7003 Series Processors <= MilanPI 1.0.0.B
AMD EPYC™ 9004 Series Processors <= Genoa 1.0.0.8
AMD EPYC™ Embedded 7003 Series Processors <= EmbMilanPI-SP3 1.0.0.7
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database