Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2023-20578, CVE-2021-26344, CVE-2023-20591, CVE-2023-20584, CVE-2023-31356, CVE-2021-46772, CVE-2023-20518 |
CWE-ID | CWE-367, CWE-787, CWE-665, CWE-20, CWE-459 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | 3rd Gen AMD EPYC Processors (Hardware solutions / Firmware), 4th Gen AMD EPYC Processors (Hardware solutions / Firmware), 1st Gen AMD EPYC Processors (Hardware solutions / Firmware), 2nd Gen AMD EPYC Processors (Hardware solutions / Firmware) |
Vendor | AMD |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU97943
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20578
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of certain special address ranges with invalid device table entries (DTEs). A local user can induce DTE faults to bypass RMP checks in SEV-SNP.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.C
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.B
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97944
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26344
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing the AMD PSP1 Configuration Block (APCB). A local user can trigger an out-of-bounds write, modify the APCB block and execute arbitrary code on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
1st Gen AMD EPYC Processors: All versions
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.C
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.5
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97945
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20591
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a malicious guest to compromise the affected system.
The vulnerability exists due to improper initialization of IOMMU during the DRTM event. A malicious guest can read or modify hypervisor memory.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.B
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.8
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97948
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20584
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of special address ranges with invalid device table entries (DTEs) in IOMMU. A local user can induce DTE faults to bypass RMP checks in SEV-SNP.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.C
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.B
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97951
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-31356
CWE-ID:
CWE-459 - Incomplete cleanup
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incomplete system memory cleanup in SEV firmware. A local privileged user can corrupt guest private memory.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
3rd Gen AMD EPYC Processors: before MilanPI 1.0.0.C
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.B
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97953
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46772
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in the ABL. A local privileged user with access to the BIOS menu or UEFI shell can tamper with the structure headers in SPI ROM and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
2nd Gen AMD EPYC Processors: before RomePI 1.0.0.E
3rd Gen AMD EPYC Processors: before GenoaPI 1.0.0.9
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97954
Risk: Low
CVSSv3.1: 1.7 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20518
CWE-ID:
CWE-459 - Incomplete cleanup
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incomplete cleanup in the ASP. A local privileged user with access to the BIOS menu or UEFI shell can obtain the Master Encryption Key (MEK).
Mitigation
Install updates from vendor's website.
Vulnerable software versions
4th Gen AMD EPYC Processors: before GenoaPI 1.0.0.4
External links
http://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.