{
  "threat_severity" : "Moderate",
  "public_date" : "2024-08-13T12:00:00Z",
  "bugzilla" : {
    "description" : "kernel: hw:amd:IOMMU improperly handles certain special address ranges leading to a loss of guest integrity",
    "id" : "2304583",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2304583"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
    "status" : "verified"
  },
  "details" : [ "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity.", "A flaw was found in the way AMD IOMMU handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7481",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "linux-firmware-0:20240827-124.git3cff7109.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7418",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "linux-firmware-0:20240827-114.3.git3cff7109.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7418",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "linux-firmware-0:20240827-114.3.git3cff7109.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2024-10-01T00:00:00Z",
    "advisory" : "RHSA-2024:7418",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "linux-firmware-0:20240827-114.3.git3cff7109.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7484",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "linux-firmware-0:20240905-143.3.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-10-02T00:00:00Z",
    "advisory" : "RHSA-2024:7483",
    "cpe" : "cpe:/o:redhat:rhel_eus:9.2",
    "package" : "linux-firmware-0:20240905-138.3.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "linux-firmware",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-20584\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20584\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" ],
  "name" : "CVE-2023-20584",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue and has not been able to identify a practical one. Please update the affected package (linux-firmware) as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}