CVE-2023-20582

Published Feb 11, 2025

Last updated 3 months ago

CVSS medium 5.3

Overview

Description: Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
Source: psirt@amd.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 4
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

psirt@amd.com: CWE-1284

Hype score: Not currently trending

CVE-2023-20582 Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SE… https://t.co/B20raNyRZs
@CVEnew
11 Feb 2025
271 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.