Skip to main content

Epyc 7001 Firmware CVE-2023-20592

MEDIUM
2023-11-14 psirt@amd.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2023 - 19:15 nvd
MEDIUM 6.5

DescriptionNVD

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

AnalysisAI

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. Affected products include: Amd Epyc 7001 Firmware, Amd Epyc 7251 Firmware, Amd Epyc 7261 Firmware, Amd Epyc 7281 Firmware, Amd Epyc 7301 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-26340 HIGH
8.4 Dec 10

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl

CVE-2021-26335 HIGH
7.8 Nov 16

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us

CVE-2021-26331 HIGH
7.8 Nov 16

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent

CVE-2023-20527 MEDIUM
6.5 Jan 11

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, po

CVE-2022-23825 MEDIUM
6.5 Jul 14

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to in

CVE-2022-29900 MEDIUM
6.5 Jul 12

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain micr

CVE-2022-23823 MEDIUM
6.5 Jun 15

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute

CVE-2023-20521 MEDIUM
5.7 Nov 14

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory cont

CVE-2022-23824 MEDIUM
5.5 Nov 09

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential in

CVE-2021-26330 MEDIUM
5.5 Nov 16

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated med

CVE-2023-20526 MEDIUM
4.6 Nov 14

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the

Share

CVE-2023-20592 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy