CVE-2023-20573 — Protection Mechanism Failure in AMD 3RD GEN AMD Epyc Processors

CWE-693 — Protection Mechanism Failure CWE-1301 — Insufficient or Incomplete Data Removal within Hardware Component5 documents5 sources

Severity

3.2LOWNVD

EPSS

0.1%

top 76.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 3RD GEN AMD Epyc Processors AMD 4TH GEN AMD Epyc Processors

Timeline

PublishedJan 11

Description

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:NExploitability: 1.5 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5amd/3rd_gen_amd_epyc_processorsvarious

▶CVEListV5amd/4th_gen_amd_epyc_processorsVarious

🔴Vulnerability Details

CVEList

Debug Exception Delivery in Secure Nested Paging↗2024-01-11

▶

GHSA

GHSA-6hrc-q74x-c8g8: A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug informat↗2024-01-11

▶

📋Vendor Advisories

Red Hat

kernel: hw: AMD Secure Nested Paging Debug Exception↗2024-01-09

▶

💬Community

Bugzilla

CVE-2023-20573 kernel: hw: AMD Secure Nested Paging Debug Exception↗2023-12-08

▶