CVE-2023-20591
moderate-risk
Published 2024-08-13
Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
Do I need to act?
0.34% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.5/10 · Medium · NETWORK / HIGH complexity
Affected Products (20)
Epyc 8024Pn Firmware
Epyc 8024P Firmware
Epyc 8124Pn Firmware
Epyc 8124P Firmware
Epyc 8224Pn Firmware
Epyc 8224P Firmware
Epyc 8324Pn Firmware
Epyc 8324P Firmware
Epyc 8434Pn Firmware
Epyc 8434P Firmware
Epyc 8534Pn Firmware
Epyc 8534P Firmware
Epyc 9734 Firmware
Epyc 9754S Firmware
Epyc 9754 Firmware
Epyc 9184X Firmware
Epyc 9384X Firmware
Epyc 9684X Firmware
Epyc 9124 Firmware
Epyc 9174F Firmware
48 / 100 · moderate-risk
Severity: 20/34 · Moderate
Exploitability: 1/34 · Minimal
Exposure: 27/34 · High