Red Hat: CVE-2023-20584: kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity (Multiple Advisories)

Red Hat: CVE-2023-20584: kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity (Multiple Advisories)

Severity

4

CVSS

(AV:L/AC:H/Au:M/C:N/I:C/A:N)

Published

08/13/2024

Created

10/08/2024

Added

10/07/2024

Modified

12/16/2024

Description

IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.

Solution(s)

• redhat-upgrade-iwl100-firmware
• redhat-upgrade-iwl1000-firmware
• redhat-upgrade-iwl105-firmware
• redhat-upgrade-iwl135-firmware
• redhat-upgrade-iwl2000-firmware
• redhat-upgrade-iwl2030-firmware
• redhat-upgrade-iwl3160-firmware
• redhat-upgrade-iwl3945-firmware
• redhat-upgrade-iwl4965-firmware
• redhat-upgrade-iwl5000-firmware
• redhat-upgrade-iwl5150-firmware
• redhat-upgrade-iwl6000-firmware
• redhat-upgrade-iwl6000g2a-firmware
• redhat-upgrade-iwl6000g2b-firmware
• redhat-upgrade-iwl6050-firmware
• redhat-upgrade-iwl7260-firmware
• redhat-upgrade-libertas-sd8686-firmware
• redhat-upgrade-libertas-sd8787-firmware
• redhat-upgrade-libertas-usb8388-firmware
• redhat-upgrade-libertas-usb8388-olpc-firmware
• redhat-upgrade-linux-firmware
• redhat-upgrade-linux-firmware-whence
• redhat-upgrade-netronome-firmware

References

• CVE-2023-20584
• RHSA-2024:7481
• RHSA-2024:7483
• RHSA-2024:7484