AMD EPYC and Embedded EPYC Processors IOMMU Write Buffer Vulnerability Allowing Out-of-Bounds Conditions

Vulnerability

A vulnerability exists in AMD EPYC 7003 and 9004 series processors, as well as in AMD EPYC 7003 and 9004 embedded series processors. Insufficient checks of the Reverse Map Table (RMP) on host buffer access in the IOMMU may enable an attacker with privileges and a compromised hypervisor to trigger an out-of-bounds condition, potentially leading to a loss of integrity of a confidential guest.

Impact

Exploitation of this vulnerability could result in unauthorized data modification, specifically writing data outside the intended buffer limits, which could compromise the integrity of confidential guest data in SNP environments.

Remediation

Users are advised to update to the SEV firmware versions specified for their processor series, along with an operating system-specific update. For AMD EPYC 7003 and 9004 embedded series processors, the SEV firmware update must be combined with an OS update. Consult the AMD product security bulletin AMD-SB-3016 for detailed guidance.

Added: Apr 16, 2026, 7:37 PM
Updated: Apr 16, 2026, 7:37 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 1.7
exploitability: 2.3
remediation: 7.7
relevance: 6.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.