CVE-2023-20584
First published: Tue Aug 13 2024(Updated: )
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
Credit: psirt@amd.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| amd epyc 8024pn firmware | <genoapi_1.0.0.b | |
| amd epyc 8024pn | ||
| All of | ||
| amd epyc 8024p firmware | <genoapi_1.0.0.b | |
| amd epyc 8024p | ||
| All of | ||
| amd epyc 8124pn firmware | <genoapi_1.0.0.b | |
| amd epyc 8124pn | ||
| All of | ||
| amd epyc 8124p firmware | <genoapi_1.0.0.b | |
| amd epyc 8124p | ||
| All of | ||
| Amd Epyc Server Firmware | <genoapi_1.0.0.b | |
| amd epyc 8224pn | ||
| All of | ||
| amd epyc 8224p firmware | <genoapi_1.0.0.b | |
| amd epyc 8224p | ||
| All of | ||
| amd epyc 8324pn firmware | <genoapi_1.0.0.b | |
| amd epyc 8324pn | ||
| All of | ||
| amd epyc 8324p firmware | <genoapi_1.0.0.b | |
| amd epyc 8324p | ||
| All of | ||
| Amd Epyc Server Firmware | <genoapi_1.0.0.b | |
| amd epyc 8434pn | ||
| All of | ||
| amd epyc 8434p firmware | <genoapi_1.0.0.b | |
| amd epyc 8434p | ||
| All of | ||
| amd epyc 8534pn firmware | <genoapi_1.0.0.b | |
| amd epyc 8534pn | ||
| All of | ||
| amd epyc 8534p firmware | <genoapi_1.0.0.b | |
| amd epyc 8534p | ||
| All of | ||
| AMD EPYC 9734 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9734 Firmware | ||
| All of | ||
| AMD EPYC 9754S Firmware | <genoapi_1.0.0.b | |
| AMD Epyc 9754S | ||
| All of | ||
| Amd Epyc Server Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9754 Firmware | ||
| All of | ||
| AMD EPYC 9184X firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9184X | ||
| All of | ||
| AMD EPYC 9384X Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9384X | ||
| All of | ||
| AMD EPYC 9684X Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9684X Firmware | ||
| All of | ||
| AMD EPYC 9124 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9124 Firmware | ||
| All of | ||
| AMD EPYC 9174F Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9174F | ||
| All of | ||
| AMD EPYC 9224 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9224 | ||
| All of | ||
| AMD EPYC 9254 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9254 | ||
| All of | ||
| AMD EPYC 9274F Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9274F Firmware | ||
| All of | ||
| AMD EPYC 9334 firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9334 firmware | ||
| All of | ||
| AMD EPYC 9354 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9354 Firmware | ||
| All of | ||
| AMD EPYC 9354P Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9354P | ||
| All of | ||
| AMD EPYC 9374F Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9374F Firmware | ||
| All of | ||
| AMD EPYC 9454P Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9454P | ||
| All of | ||
| AMD EPYC 9454P Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9454P | ||
| All of | ||
| AMD Epyc 9474F Firmware | <genoapi_1.0.0.b | |
| AMD Epyc 9474F Firmware | ||
| All of | ||
| AMD EPYC 9534 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9534 | ||
| All of | ||
| AMD EPYC 9554 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9554 | ||
| All of | ||
| AMD EPYC 9554P Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9554P Firmware | ||
| All of | ||
| AMD EPYC 9634 Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9634 Firmware | ||
| All of | ||
| AMD EPYC 9654 firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9654 firmware | ||
| All of | ||
| AMD EPYC 9654P Firmware | <genoapi_1.0.0.b | |
| AMD EPYC 9654P | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| amd epyc 7203 | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| amd epyc 7203p | ||
| All of | ||
| AMD EPYC 72F3 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 72F3 Firmware | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| amd epyc 7303 | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| amd epyc 7303p | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7313P | ||
| All of | ||
| AMD EPYC 7313P Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7313P | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7343 | ||
| All of | ||
| AMD EPYC 73F3 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 73F3 | ||
| All of | ||
| AMD EPYC 7373X Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7373X | ||
| All of | ||
| AMD EPYC 7413 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7413 Firmware | ||
| All of | ||
| AMD EPYC 7443 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7443 | ||
| All of | ||
| AMD EPYC 7443P Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7443P | ||
| All of | ||
| AMD EPYC 74F3 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 74F3 | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7453 | ||
| All of | ||
| AMD EPYC 7473X Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7473X | ||
| All of | ||
| AMD EPYC 7513 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7513 | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7543 Firmware | ||
| All of | ||
| AMD EPYC 7543P Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7543P Firmware | ||
| All of | ||
| AMD EPYC 75F3 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 75F3 | ||
| All of | ||
| AMD EPYC 7573X Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7573X | ||
| All of | ||
| AMD EPYC 7643 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7643 | ||
| All of | ||
| AMD EPYC 7773X Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7773X | ||
| All of | ||
| Amd Epyc Server Firmware | <milanpi_1.0.0.b | |
| amd epyc 7643p | ||
| All of | ||
| AMD EPYC 7663 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7663 Firmware | ||
| All of | ||
| amd epyc 7663p firmware | <milanpi_1.0.0.b | |
| amd epyc 7663p | ||
| All of | ||
| AMD EPYC 7713P Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7713 | ||
| All of | ||
| AMD EPYC 7713P Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7713P Firmware | ||
| All of | ||
| AMD EPYC 7763 Firmware | <milanpi_1.0.0.b | |
| AMD EPYC 7763 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-20584?
CVE-2023-20584 has been classified as a high severity vulnerability.
How do I fix CVE-2023-20584?
To mitigate CVE-2023-20584, update the affected AMD EPYC firmware to the latest version that addresses the vulnerability.
Which systems are affected by CVE-2023-20584?
CVE-2023-20584 affects AMD EPYC processors with specific firmware versions up to genoapi_1.0.0.b.
What causes CVE-2023-20584?
CVE-2023-20584 is caused by improper handling of certain special address ranges with invalid device table entries by the IOMMU.
What could be the impact of CVE-2023-20584?
Exploitation of CVE-2023-20584 could lead to a loss of guest integrity in systems utilizing SEV-SNP if the hypervisor is compromised.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/amd
- canonical/amd epyc 8024pn firmware
- canonical/amd epyc 8024pn
- canonical/amd epyc 8024p firmware
- canonical/amd epyc 8024p
- canonical/amd epyc 8124pn firmware
- canonical/amd epyc 8124pn
- canonical/amd epyc 8124p firmware
- canonical/amd epyc 8124p
- canonical/amd epyc server firmware
- canonical/amd epyc 8224pn
- canonical/amd epyc 8224p firmware
- canonical/amd epyc 8224p
- canonical/amd epyc 8324pn firmware
- canonical/amd epyc 8324pn
- canonical/amd epyc 8324p firmware
- canonical/amd epyc 8324p
- canonical/amd epyc 8434pn
- canonical/amd epyc 8434p firmware
- canonical/amd epyc 8434p
- canonical/amd epyc 8534pn firmware
- canonical/amd epyc 8534pn
- canonical/amd epyc 8534p firmware
- canonical/amd epyc 8534p
- canonical/amd epyc 9734 firmware
- canonical/amd epyc 9754s firmware
- canonical/amd epyc 9754s
- canonical/amd epyc 9754 firmware
- canonical/amd epyc 9184x firmware
- canonical/amd epyc 9184x
- canonical/amd epyc 9384x firmware
- canonical/amd epyc 9384x
- canonical/amd epyc 9684x firmware
- canonical/amd epyc 9124 firmware
- canonical/amd epyc 9174f firmware
- canonical/amd epyc 9174f
- canonical/amd epyc 9224 firmware
- canonical/amd epyc 9224
- canonical/amd epyc 9254 firmware
- canonical/amd epyc 9254
- canonical/amd epyc 9274f firmware
- canonical/amd epyc 9334 firmware
- canonical/amd epyc 9354 firmware
- canonical/amd epyc 9354p firmware
- canonical/amd epyc 9354p
- canonical/amd epyc 9374f firmware
- canonical/amd epyc 9454p firmware
- canonical/amd epyc 9454p
- canonical/amd epyc 9474f firmware
- canonical/amd epyc 9534 firmware
- canonical/amd epyc 9534
- canonical/amd epyc 9554 firmware
- canonical/amd epyc 9554
- canonical/amd epyc 9554p firmware
- canonical/amd epyc 9634 firmware
- canonical/amd epyc 9654 firmware
- canonical/amd epyc 9654p firmware
- canonical/amd epyc 9654p
- canonical/amd epyc 7203
- canonical/amd epyc 7203p
- canonical/amd epyc 72f3 firmware
- canonical/amd epyc 7303
- canonical/amd epyc 7303p
- canonical/amd epyc 7313p
- canonical/amd epyc 7313p firmware
- canonical/amd epyc 7343
- canonical/amd epyc 73f3 firmware
- canonical/amd epyc 73f3
- canonical/amd epyc 7373x firmware
- canonical/amd epyc 7373x
- canonical/amd epyc 7413 firmware
- canonical/amd epyc 7443 firmware
- canonical/amd epyc 7443
- canonical/amd epyc 7443p firmware
- canonical/amd epyc 7443p
- canonical/amd epyc 74f3 firmware
- canonical/amd epyc 74f3
- canonical/amd epyc 7453
- canonical/amd epyc 7473x firmware
- canonical/amd epyc 7473x
- canonical/amd epyc 7513 firmware
- canonical/amd epyc 7513
- canonical/amd epyc 7543 firmware
- canonical/amd epyc 7543p firmware
- canonical/amd epyc 75f3 firmware
- canonical/amd epyc 75f3
- canonical/amd epyc 7573x firmware
- canonical/amd epyc 7573x
- canonical/amd epyc 7643 firmware
- canonical/amd epyc 7643
- canonical/amd epyc 7773x firmware
- canonical/amd epyc 7773x
- canonical/amd epyc 7643p
- canonical/amd epyc 7663 firmware
- canonical/amd epyc 7663p firmware
- canonical/amd epyc 7663p
- canonical/amd epyc 7713p firmware
- canonical/amd epyc 7713
- canonical/amd epyc 7763 firmware