CVE-2023-20592

CWE-2217 documents7 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 41.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
32
AMD Epyc 7203 FirmwareAMD Epyc 7203p FirmwareAMD Epyc 72f3 Firmware+29 more
Timeline
PublishedNov 14

Description

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages33 packages

NVDamd/epyc_7203_firmware< milanpi_1.0.0.c
NVDamd/epyc_72f3_firmware< milanpi_1.0.0.c
NVDamd/epyc_7303_firmware< milanpi_1.0.0.c
NVDamd/epyc_7313_firmware< milanpi_1.0.0.c
NVDamd/epyc_7343_firmware< milanpi_1.0.0.c

🔴Vulnerability Details

3
OSV
CVE-2023-20592: Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-2023-11-14
CVEList
CVE-2023-20592: Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-2023-11-14
GHSA
GHSA-5prp-6h6f-f55f: Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-2023-11-14

📋Vendor Advisories

2
Red Hat
hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem2023-11-14
Debian
CVE-2023-20592: amd64-microcode - Improper or unexpected behavior of the INVD instruction in some AMD CPUs may all...2023
CVE-2023-20592 (MEDIUM CVSS 6.5) | Improper or unexpected behavior of | cvebase.io