5.3 CVE-2023-20584

Enriched by CISA

IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
https://nvd.nist.gov/vuln/detail/CVE-2023-20584

References

psirt@amd.com

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html Vendor Advisory

AFFECTED (from MITRE)

Vendor	Product	Versions
AMD	AMD EPYCâ¢ 7003 Processors	MilanPI 1.0.0.C [unaffected]
AMD	AMD EPYCâ¢ 9004 Processors	GenoaPI 1.0.0.B [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
AND
cpe:2.3:o:amd:epyc_8024pn_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8024pn:-:::::::*
Configuration 2
AND
cpe:2.3:o:amd:epyc_8024p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8024p:-:::::::*
Configuration 3
AND
cpe:2.3:o:amd:epyc_8124pn_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8124pn:-:::::::*
Configuration 4
AND
cpe:2.3:o:amd:epyc_8124p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8124p:-:::::::*
Configuration 5
AND
cpe:2.3:o:amd:epyc_8224pn_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8224pn:-:::::::*
Configuration 6
AND
cpe:2.3:o:amd:epyc_8224p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8224p:-:::::::*
Configuration 7
AND
cpe:2.3:o:amd:epyc_8324pn_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8324pn:-:::::::*
Configuration 8
AND
cpe:2.3:o:amd:epyc_8324p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8324p:-:::::::*
Configuration 9
AND
cpe:2.3:o:amd:epyc_8434pn_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8434pn:-:::::::*
Configuration 10
AND
cpe:2.3:o:amd:epyc_8434p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8434p:-:::::::*
Configuration 11
AND
cpe:2.3:o:amd:epyc_8534pn_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8534pn:-:::::::*
Configuration 12
AND
cpe:2.3:o:amd:epyc_8534p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_8534p:-:::::::*
Configuration 13
AND
cpe:2.3:o:amd:epyc_9734_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9734:-:::::::*
Configuration 14
AND
cpe:2.3:o:amd:epyc_9754s_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9754s:-:::::::*
Configuration 15
AND
cpe:2.3:o:amd:epyc_9754_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9754:-:::::::*
Configuration 16
AND
cpe:2.3:o:amd:epyc_9184x_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9184x:-:::::::*
Configuration 17
AND
cpe:2.3:o:amd:epyc_9384x_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9384x:-:::::::*
Configuration 18
AND
cpe:2.3:o:amd:epyc_9684x_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9684x:-:::::::*
Configuration 19
AND
cpe:2.3:o:amd:epyc_9124_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9124:-:::::::*
Configuration 20
AND
cpe:2.3:o:amd:epyc_9174f_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9174f:-:::::::*
Configuration 21
AND
cpe:2.3:o:amd:epyc_9224_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9224:-:::::::*
Configuration 22
AND
cpe:2.3:o:amd:epyc_9254_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9254:-:::::::*
Configuration 23
AND
cpe:2.3:o:amd:epyc_9274f_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9274f:-:::::::*
Configuration 24
AND
cpe:2.3:o:amd:epyc_9334_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9334:-:::::::*
Configuration 25
AND
cpe:2.3:o:amd:epyc_9354_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9354:-:::::::*
Configuration 26
AND
cpe:2.3:o:amd:epyc_9354p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9354p:-:::::::*
Configuration 27
AND
cpe:2.3:o:amd:epyc_9374f_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9374f:-:::::::*
Configuration 28
AND
cpe:2.3:o:amd:epyc_9454_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9454:-:::::::*
Configuration 29
AND
cpe:2.3:o:amd:epyc_9454p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9454p:-:::::::*
Configuration 30
AND
cpe:2.3:o:amd:epyc_9474f_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9474f:-:::::::*
Configuration 31
AND
cpe:2.3:o:amd:epyc_9534_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9534:-:::::::*
Configuration 32
AND
cpe:2.3:o:amd:epyc_9554_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9554:-:::::::*
Configuration 33
AND
cpe:2.3:o:amd:epyc_9554p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9554p:-:::::::*
Configuration 34
AND
cpe:2.3:o:amd:epyc_9634_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9634:-:::::::*
Configuration 35
AND
cpe:2.3:o:amd:epyc_9654_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9654:-:::::::*
Configuration 36
AND
cpe:2.3:o:amd:epyc_9654p_firmware::::::::		< genoapi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_9654p:-:::::::*
Configuration 37
AND
cpe:2.3:o:amd:epyc_7203_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7203:-:::::::*
Configuration 38
AND
cpe:2.3:o:amd:epyc_7203p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7203p:-:::::::*
Configuration 39
AND
cpe:2.3:o:amd:epyc_72f3_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_72f3:-:::::::*
Configuration 40
AND
cpe:2.3:o:amd:epyc_7303_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7303:-:::::::*
Configuration 41
AND
cpe:2.3:o:amd:epyc_7303p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7303p:-:::::::*
Configuration 42
AND
cpe:2.3:o:amd:epyc_7313_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7313:-:::::::*
Configuration 43
AND
cpe:2.3:o:amd:epyc_7313p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7313p:-:::::::*
Configuration 44
AND
cpe:2.3:o:amd:epyc_7343_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7343:-:::::::*
Configuration 45
AND
cpe:2.3:o:amd:epyc_73f3_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_73f3:-:::::::*
Configuration 46
AND
cpe:2.3:o:amd:epyc_7373x_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7373x:-:::::::*
Configuration 47
AND
cpe:2.3:o:amd:epyc_7413_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7413:-:::::::*
Configuration 48
AND
cpe:2.3:o:amd:epyc_7443_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7443:-:::::::*
Configuration 49
AND
cpe:2.3:o:amd:epyc_7443p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7443p:-:::::::*
Configuration 50
AND
cpe:2.3:o:amd:epyc_74f3_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_74f3:-:::::::*
Configuration 51
AND
cpe:2.3:o:amd:epyc_7453_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7453:-:::::::*
Configuration 52
AND
cpe:2.3:o:amd:epyc_7473x_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7473x:-:::::::*
Configuration 53
AND
cpe:2.3:o:amd:epyc_7513_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7513:-:::::::*
Configuration 54
AND
cpe:2.3:o:amd:epyc_7543_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7543:-:::::::*
Configuration 55
AND
cpe:2.3:o:amd:epyc_7543p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7543p:-:::::::*
Configuration 56
AND
cpe:2.3:o:amd:epyc_75f3_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_75f3:-:::::::*
Configuration 57
AND
cpe:2.3:o:amd:epyc_7573x_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7573x:-:::::::*
Configuration 58
AND
cpe:2.3:o:amd:epyc_7643_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7643:-:::::::*
Configuration 59
AND
cpe:2.3:o:amd:epyc_7773x_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7773x:-:::::::*
Configuration 60
AND
cpe:2.3:o:amd:epyc_7643p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7643p:-:::::::*
Configuration 61
AND
cpe:2.3:o:amd:epyc_7663_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7663:-:::::::*
Configuration 62
AND
cpe:2.3:o:amd:epyc_7663p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7663p:-:::::::*
Configuration 63
AND
cpe:2.3:o:amd:epyc_7713_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7713:-:::::::*
Configuration 64
AND
cpe:2.3:o:amd:epyc_7713p_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7713p:-:::::::*
Configuration 65
AND
cpe:2.3:o:amd:epyc_7763_firmware::::::::		< milanpi_1.0.0.b
Running on/with
cpe:2.3:h:amd:epyc_7763:-:::::::*

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee