CVE-2023-20519

CWE-416 — Use After Free3 documents3 sources

Severity

3.3LOW

EPSS

0.1%

top 81.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Genoapi Firmware AMD Milanpi Firmware AMD 3RD GEN AMD Epyc™ Processors +1 more

Timeline

PublishedNov 14

Description

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDamd/genoapi_firmware< 1.0.0.3

▶NVDamd/milanpi_firmware< 1.0.0.a

▶CVEListV5amd/3rd_gen_amd_epyc™_processorsvarious

▶CVEListV5amd/4th_gen_amd_epyc™_processorsvarious

🔴Vulnerability Details

GHSA

GHSA-3pww-pqg2-m2hm: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration↗2023-11-14

▶

CVEList

CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration↗2023-11-14

▶