CVE-2023-20519

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*

History

21 Nov 2023, 20:27

Type	Values Removed	Values Added
CPE		cpe:2.3:h:amd:genoapi:-:::::::* cpe:2.3:o:amd:milanpi_firmware:::::::: cpe:2.3:o:amd:genoapi_firmware:::::::: cpe:2.3:h:amd:milanpi:-:::::::*
References	~~() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 -~~	() https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 - Vendor Advisory
First Time		Amd milanpi Firmware Amd genoapi Firmware Amd genoapi Amd milanpi Amd
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3

14 Nov 2023, 19:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-14 19:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-20519

Mitre link : CVE-2023-20519

CVE.ORG link : CVE-2023-20519

JSON object : View

Products Affected

amd

genoapi
genoapi_firmware
milanpi
milanpi_firmware

CWE

CWE-416

Use After Free

{"id": "CVE-2023-20519", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-11-14T19:15:15.533", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", "tags": ["Vendor Advisory"], "source": "psirt@amd.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad Use-After-Free en la administraci\u00f3n de una p\u00e1gina contextual de invitado SNP puede permitir que un hipervisor malicioso se haga pasar por el agente de migraci\u00f3n del invitado, lo que resulta en una posible p\u00e9rdida de integridad del invitado."}], "lastModified": "2023-11-21T20:27:42.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D04D59C4-B1F2-477B-A1B6-ADCA15925FC3", "versionEndExcluding": "1.0.0.a"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21375AC-B510-4A7C-8382-D98710569550", "versionEndExcluding": "1.0.0.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EC5CF20-1E17-4F25-A186-5AFD1D0AC641"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@amd.com"}