CVE-2023-20592

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.

Published: Nov 14, 2023
Updated: Nov 29, 2023
CVE: CVE-2023-20592
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
amd / epyc_7763_firmware	-	milanpi_1.0.0.c
amd / epyc_7713p_firmware	-	milanpi_1.0.0.c
amd / epyc_7713_firmware	-	milanpi_1.0.0.c
amd / epyc_7663p_firmware	-	milanpi_1.0.0.c
amd / epyc_7663_firmware	-	milanpi_1.0.0.c
amd / epyc_7643p_firmware	-	milanpi_1.0.0.c
amd / epyc_7773x_firmware	-	milanpi_1.0.0.c
amd / epyc_7643_firmware	-	milanpi_1.0.0.c
amd / epyc_7573x_firmware	-	milanpi_1.0.0.c
amd / epyc_75f3_firmware	-	milanpi_1.0.0.c
amd / epyc_7543p_firmware	-	milanpi_1.0.0.c
amd / epyc_7543_firmware	-	milanpi_1.0.0.c
amd / epyc_7513_firmware	-	milanpi_1.0.0.c
amd / epyc_7473x_firmware	-	milanpi_1.0.0.c
amd / epyc_7453_firmware	-	milanpi_1.0.0.c
amd / epyc_74f3_firmware	-	milanpi_1.0.0.c
amd / epyc_7443p_firmware	-	milanpi_1.0.0.c
amd / epyc_7443_firmware	-	milanpi_1.0.0.c
amd / epyc_7413_firmware	-	milanpi_1.0.0.c
amd / epyc_7373x_firmware	-	milanpi_1.0.0.c
amd / epyc_73f3_firmware	-	milanpi_1.0.0.c
amd / epyc_7343_firmware	-	milanpi_1.0.0.c
amd / epyc_7313p_firmware	-	milanpi_1.0.0.c
amd / epyc_7313_firmware	-	milanpi_1.0.0.c
amd / epyc_7303p_firmware	-	milanpi_1.0.0.c
amd / epyc_7303_firmware	-	milanpi_1.0.0.c
amd / epyc_72f3_firmware	-	milanpi_1.0.0.c
amd / epyc_7203p_firmware	-	milanpi_1.0.0.c
amd / epyc_7203_firmware	-	milanpi_1.0.0.c

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005

Vulnerability Database

289,599

CVE-2023-20592