CVE-2023-20591: Improper Initialization in AMD Epyc 7203 Firmware

Severity: 10.0 CRITICAL (NVD), 6.5 (CNA)
EPSS: 0.3% (top 43.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 13

Description

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages (65 packages)

NVD: amd/epyc_7203_firmware < milanpi_1.0.0.b
NVD: amd/epyc_72f3_firmware < milanpi_1.0.0.b
NVD: amd/epyc_7303_firmware < milanpi_1.0.0.b
NVD: amd/epyc_7313_firmware < milanpi_1.0.0.b
NVD: amd/epyc_7343_firmware < milanpi_1.0.0.b

Vulnerability Details (2)

CVEList (2024-08-13)
CVE-2023-20591: Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or m
GHSA (2024-08-13)
GHSA-v8c4-4ghf-7jv6: Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or m