CVE-2023-20519

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-14 19:15

Updated : 2023-11-21 20:27

NVD link : CVE-2023-20519

Mitre link : CVE-2023-20519

CVE.ORG link : CVE-2023-20519

JSON object : View

Products Affected

amd

genoapi_firmware
milanpi
genoapi
milanpi_firmware

CWE

CWE-416

Use After Free

{"id": "CVE-2023-20519", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-11-14T19:15:15.533", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad Use-After-Free en la administraci\u00f3n de una p\u00e1gina contextual de invitado SNP puede permitir que un hipervisor malicioso se haga pasar por el agente de migraci\u00f3n del invitado, lo que resulta en una posible p\u00e9rdida de integridad del invitado."}], "lastModified": "2023-11-21T20:27:42.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D04D59C4-B1F2-477B-A1B6-ADCA15925FC3", "versionEndExcluding": "1.0.0.a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21375AC-B510-4A7C-8382-D98710569550", "versionEndExcluding": "1.0.0.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EC5CF20-1E17-4F25-A186-5AFD1D0AC641"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@amd.com"}