← back
CVE-2023-20591

CVE-2023-20591

CVSS 6.5 MEDIUMEPSS 0.3%CWE-665
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected products
AMD · AMD EPYC™ 7003 Series ProcessorsAMD · AMD EPYC™ 9004 Series ProcessorsAMD · AMD EPYC™ Embedded 7003 Series ProcessorsAMD · AMD EPYC™ Embedded 9003 Series Processors

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html