AMD EPYC and Ryzen Embedded Processors IOMMU Vulnerability Allowing Memory Access by Hypervisor

Vulnerability

A vulnerability has been identified in the IOMMU of AMD EPYC and Ryzen Embedded processors. The IOMMU does not adequately restrict operations, which could enable a malicious hypervisor to access or manipulate the private memory of guests, leading to a loss of integrity. Affected processors include the AMD EPYC 7003 and 9004 series, as well as various Ryzen Embedded series processors.

Impact

Exploitation of this vulnerability could allow a hypervisor to access and manipulate guest private memory, resulting in a loss of integrity for the affected virtual machines.

Remediation

Users are advised to update to the latest Platform Initialization (PI) firmware version available for their specific processor series. For AMD EPYC processors, the updated PI firmware versions can be obtained through Original Equipment Manufacturers (OEMs). Update instructions for Ryzen Embedded processors are also available through OEMs.

Added: Sep 6, 2025, 5:36 PM
Updated: Sep 6, 2025, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.6
exploitability: 2.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.