Back to Security Bulletins and Briefs

IOMMU Write Buffer Vulnerability

AMD ID:  AMD-SB-3016
Potential Impact: Loss of Integrity
Severity: Medium

Summary

An internal security audit has found a potential vulnerability that may allow an attacker with privileges and  a compromised  hypervisor to write data outside the buffer length during host buffer access, potentially resulting in loss of SNP guest data integrity.

CVE Details

Refer to Glossary for explanation of terms

CVE

CVE Description

CVSS Score

CVE-2023-20585

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.

5.3 (Medium)
CVSS3.1: AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

5.6 (Medium)
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products and Mitigation

AMD recommends updating to the SEV firmware version indicated below.

Note: Mitigation of this vulnerability requires both a SEV firmware update and an OS-specific update.  Mitigations may be deployed in any order, but both are required. Mitigation also requires SNP guest shutdown and reinitialization.

For mitigations requiring operating system (OS) updates, AMD recommends consulting with your operating system vendor’s documentation for information on how to enable the OS portion of the mitigation. 

*Note: Products believed to not be affected by the listed CVEs may not be included.  

AMD EPYC™ Series Processors

Please Note: OS updates will also be required to mitigate this vulnerability. Please refer to your OSV for additional information.

Product Former Codename Mitigation3 Option 1: SEV FW + OS Option 2: AGESA + OS SEV Mitigation Vector Bit2 Release Date TCB Values for SNP Attestation
AMD EPYC™ 7001 Series Processors “Naples” Not Affected N/A N/A N/A
AMD EPYC™ 7002 Series Processors “Rome” Not Affected N/A N/A N/A
AMD EPYC™ 7003 Series Processors “Milan” “Milan-X” Option 1: - SEV FW 1.37.23 + OS Update1 2 2025-07-03 TCB[SNP]>=0x1B
Option 2: - Milan PI_1.0.0.H + OS Update1 2025-09-04
AMD EPYC™ 8004 Series Processors “Siena” “Genoa” “Genoa-X” “Bergamo” Option 1: - SEV FW 1.37.31 + OS Update1 2 2025-06-27 TCB[SNP]>=0x1B
AMD EPYC™ 9004 Series Processors Option 2: - GenoaPI_1.0.0.G + OS Update1

[1] For mitigations requiring Operating System (OS) updates, AMD recommends consulting with your Operating System vendor’s documentation for information on how to enable the OS portion of the mitigation.

[2] For more information please reference the SEV Secure Nested Paging Firmware ABI Specification (document 56860) available on https://www.amd.com/en/developer/sev.html

SEV Table
CVE ID SEV SEV-ES SEV-SNP
CVE-2023-20585 N N Y
AMD EPYC™ Embedded Series Processors

Please Note: OS updates will also be required to mitigate this vulnerability. Please refer to your OSV for additional information.

Product Mitigation Release Date
AMD EPYC™ 7003 Embedded Series Processors EmbMilanPI-SP3 1.0.0.B + OS Update 2025-04-30
AMD EPYC™ 9004 Embedded Series Processors EmbGenoaPI-1.0.0.A + OS Update 2025-05-02

Acknowledgement 

CVE-2023-20585 was internally found

Revisions

Revision Date Description
2026-04-14 Initial publication

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, EPYC and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.

© 2026 Advanced Micro Devices, Inc. All rights reserved.