Persistence of Untrusted Platform Configuration Risks Memory Access

CVE-2023-20591

6.5MEDIUM

Key Information

Vendor: Amd
Status: Amd Epyc™ 7003 Series Processors; Amd Epyc™ 9004 Series Processors; Amd Epyc™ Embedded 7003 Series Processors; Amd Epyc™ Embedded 9003 Series Processors
Vendor: CVE Published:; 13 August 2024

Summary

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

Affected Version(s)

AMD EPYC™ 7003 Series Processors <= MilanPI 1.0.0.B

AMD EPYC™ 9004 Series Processors <= Genoa 1.0.0.8

AMD EPYC™ Embedded 7003 Series Processors <= EmbMilanPI-SP3 1.0.0.7

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database