CVE-2023-20591

EUVD-2023-24770
Improper re-initialization of IOMMU during the DRTM event
may permit an untrusted platform configuration to persist, allowing an attacker
to read or modify hypervisor memory, potentially resulting in loss of
confidentiality, integrity, and availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
amdepyc_7003_firmware
𝑥
< milanpi_1.0.0.b
ADP
amdepyc_9003_firmware
𝑥
< genoapi_1.0.0.8
ADP
amdepyc_7773x_firmware
𝑥
< milanpi_1.0.0.b
ADP
amdepyc_9754s_firmware
𝑥
< genoapi_1.0.0.8
ADP
Common Weakness Enumeration
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html