Vulnerabilities > CVE-2023-20519 - Use After Free vulnerability in AMD Genoapi Firmware and Milanpi Firmware

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

local

low complexity

amd

CWE-416

NVD

Published: 2023-11-14

Updated: 2023-11-21

Summary

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.

Vulnerable Configurations

Part	Description	Count
OS	Amd AMD Milanpi Firmware * AMD Genoapi Firmware *	2
Hardware	Amd AMD Milanpi - AMD Genoapi -	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002