CVE-2023-20584
Publication date 13 August 2024
Last updated 26 August 2025
Ubuntu priority
Description
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| amd64-microcode | 25.04 plucky |
Not affected
|
| 24.04 LTS noble |
Fixed 3.20250311.1ubuntu0.24.04.1
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
rodrigo-zaiden
AMD SEV firmware were included in noble onwards, based on upstream release 20220411, releases older than that are not supported.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.3 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | High |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-7561-1
- AMD Microcode vulnerabilities
- 9 June 2025