CVE-2023-20591

MEDIUM

IOMMU - Memory Corruption

Title source: llm

Description

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

References (1)

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Scores

CVSS v3 6.5

EPSS 0.0034

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-665

Status published

Products (50)

amd/epyc_7203_firmware < milanpi_1.0.0.b

amd/epyc_7203p_firmware < milanpi_1.0.0.b

amd/epyc_72f3_firmware < milanpi_1.0.0.b

amd/epyc_7303_firmware < milanpi_1.0.0.b

amd/epyc_7303p_firmware < milanpi_1.0.0.b

amd/epyc_7313_firmware < milanpi_1.0.0.b

amd/epyc_7313p_firmware < milanpi_1.0.0.b

amd/epyc_7343_firmware < milanpi_1.0.0.b

amd/epyc_7373x_firmware < milanpi_1.0.0.b

amd/epyc_73f3_firmware < milanpi_1.0.0.b

... and 40 more

Published Aug 13, 2024

Tracked Since Feb 18, 2026