CVE-2023-20519

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002	Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:41

Type	Values Removed	Values Added
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 - Vendor Advisory~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 - Vendor Advisory

21 Nov 2023, 20:27

Type	Values Removed	Values Added
First Time		Amd milanpi Amd genoapi Amd genoapi Firmware Amd milanpi Firmware Amd
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3
CWE		CWE-416
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 -~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 - Vendor Advisory
CPE		cpe:2.3:h:amd:milanpi:-:::::::* cpe:2.3:o:amd:genoapi_firmware:::::::: cpe:2.3:h:amd:genoapi:-:::::::* cpe:2.3:o:amd:milanpi_firmware::::::::

14 Nov 2023, 19:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-14 19:15

Updated : 2024-11-21 07:41

NVD link : CVE-2023-20519

Mitre link : CVE-2023-20519

CVE.ORG link : CVE-2023-20519

JSON object : View

Products Affected

amd

milanpi
milanpi_firmware
genoapi_firmware
genoapi

CWE

CWE-416

Use After Free

{"id": "CVE-2023-20519", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-11-14T19:15:15.533", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}, {"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad Use-After-Free en la administraci\u00f3n de una p\u00e1gina contextual de invitado SNP puede permitir que un hipervisor malicioso se haga pasar por el agente de migraci\u00f3n del invitado, lo que resulta en una posible p\u00e9rdida de integridad del invitado."}], "lastModified": "2024-11-21T07:41:04.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D04D59C4-B1F2-477B-A1B6-ADCA15925FC3", "versionEndExcluding": "1.0.0.a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21375AC-B510-4A7C-8382-D98710569550", "versionEndExcluding": "1.0.0.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EC5CF20-1E17-4F25-A186-5AFD1D0AC641"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@amd.com"}