CVE-2023-20591

Name: CVE-2023-20591
Creator: NVD / NIST
Published: 2024-08-13T17:15:19.92+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 10/10EPSS 0.30%

Last modified Jun 17, 2026

CVE-2023-20591 is a critical-severity vulnerability rated 10/10 on the CVSS scale. Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.

Metrics

CVSS 3.1

10/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.30%

21.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Amd	Epyc 8024pn Firmware	< genoapi_1.0.0.8
Amd	Epyc 8024p Firmware	< genoapi_1.0.0.8
Amd	Epyc 8124pn Firmware	< genoapi_1.0.0.8
Amd	Epyc 8124p Firmware	< genoapi_1.0.0.8
Amd	Epyc 8224pn Firmware	< genoapi_1.0.0.8
Amd	Epyc 8224p Firmware	< genoapi_1.0.0.8
Amd	Epyc 8324pn Firmware	< genoapi_1.0.0.8
Amd	Epyc 8324p Firmware	< genoapi_1.0.0.8
Amd	Epyc 8434pn Firmware	< genoapi_1.0.0.8
Amd	Epyc 8434p Firmware	< genoapi_1.0.0.8
Amd	Epyc 8534pn Firmware	< genoapi_1.0.0.8
Amd	Epyc 8534p Firmware	< genoapi_1.0.0.8
Amd	Epyc 9734 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9754s Firmware	< genoapi_1.0.0.8
Amd	Epyc 9754 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9184x Firmware	< genoapi_1.0.0.8
Amd	Epyc 9384x Firmware	< genoapi_1.0.0.8
Amd	Epyc 9684x Firmware	< genoapi_1.0.0.8
Amd	Epyc 9124 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9174f Firmware	< genoapi_1.0.0.8
Amd	Epyc 9224 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9254 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9274f Firmware	< genoapi_1.0.0.8
Amd	Epyc 9334 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9354 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9354p Firmware	< genoapi_1.0.0.8
Amd	Epyc 9374f Firmware	< genoapi_1.0.0.8
Amd	Epyc 9454 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9454p Firmware	< genoapi_1.0.0.8
Amd	Epyc 9474f Firmware	< genoapi_1.0.0.8
Amd	Epyc 9534 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9554 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9554p Firmware	< genoapi_1.0.0.8
Amd	Epyc 9634 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9654 Firmware	< genoapi_1.0.0.8
Amd	Epyc 9654p Firmware	< genoapi_1.0.0.8
Amd	Epyc 7203 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7203p Firmware	< milanpi_1.0.0.b
Amd	Epyc 72f3 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7303 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7303p Firmware	< milanpi_1.0.0.b
Amd	Epyc 7313 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7313p Firmware	< milanpi_1.0.0.b
Amd	Epyc 7343 Firmware	< milanpi_1.0.0.b
Amd	Epyc 73f3 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7373x Firmware	< milanpi_1.0.0.b
Amd	Epyc 7413 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7443 Firmware	< milanpi_1.0.0.b
Amd	Epyc 7443p Firmware	< milanpi_1.0.0.b
Amd	Epyc 74f3 Firmware	< milanpi_1.0.0.b

Showing 50 of 65 affected configurations. See NVD for the full list.

References

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.htmlVendor Advisory

Timeline

Published: Aug 13, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-20591?

How severe is CVE-2023-20591?

CVE-2023-20591 has a CVSS score of 10/10 (CRITICAL severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2023-20591?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-20591?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST