Description
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
None
Affected products
- AMD / AMD EPYC™ 7003 ProcessorsMilanPI 1.0.0.C – MilanPI 1.0.0.C
- AMD / AMD EPYC™ 9004 ProcessorsGenoaPI 1.0.0.B – GenoaPI 1.0.0.B