CVE-2023-20592

Name of the Vulnerable Software and Affected Versions AMD CPUs (affected versions not specified)

Description The issue concerns improper or unexpected behavior of the INVD instruction in some AMD CPUs, potentially allowing an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU. This could lead to a loss of guest virtual machine (VM) memory integrity. The vulnerability, known as CacheWarp, affects AMD's Secure Encrypted Virtualization (SEV) technology, which is designed to protect against malicious hypervisors and reduce the attack surface of virtual machines by encrypting data. CacheWarp can be exploited to escalate privileges, execute remote code, and bypass authentication in virtual machines. The attack involves manipulating cache lines and exploiting the INVD instruction to alter the behavior of the CPU, potentially allowing attackers to gain control over virtual machines and access sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.