Improper Validation of Specified Quantity in Input

CVE-2023-20582

Medium

5.3/10

Summary

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-1284 - Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References

Advisory Timeline

Published Feb 11, 2025

Improper Validation of Specified Quantity in Input

CVE-2023-20582

Summary

CWE-1284 - Improper Validation of Specified Quantity in Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS