Epyc 7763 Firmware
CVE-2023-20566
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
AnalysisAI
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. Affected products include: Amd Epyc 7763 Firmware, Amd Epyc 7713P Firmware, Amd Epyc 7713 Firmware, Amd Epyc 7663P Firmware, Amd Epyc 7663 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Epyc 7763 Firmware
View allImproper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-b
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. R
A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a g
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially le
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. Rated high se
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW,
Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. Rated high severity (CVSS 7.8)
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today