Description
Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.
Published: 2026-04-16
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential loss of guest integrity due to out‑of‑bounds host buffer access
Action: Assess Impact
AI Analysis

Impact

The vulnerability stems from insufficient checks of the RMP on host buffer access in the IOMMU. A privileged attacker who has already compromised the hypervisor can trigger an out‑of‑bounds condition that bypasses RMP checks, leading to a potential loss of confidential guest integrity. The description does not state other impacts such as privilege escalation or data read/write beyond the loss of integrity.

Affected Systems

The flaw affects AMD EPYC 7003 Series Processors, AMD EPYC 9004 Series Processors, AMD EPYC Embedded 7003 Series Processors, and AMD EPYC Embedded 9004 Series Processors. No specific firmware or minor version details are provided, so all processors listed are considered potentially vulnerable.

Risk and Exploitability

A CVSS score of 5.6 indicates medium severity. No EPSS score is available and the vulnerability is not listed in CISA's KEV catalog, implying limited public exploitation. Exploitation requires a hypervisor that has already been compromised and sufficient privileges to direct host buffer accesses, which reduces the potential scope of broad attacks but still presents a meaningful risk to virtualized environments using these processors.

Generated by OpenCVE AI on April 17, 2026 at 02:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any AMD firmware or BIOS update that fixes the RMP check flaw for the affected EPYC processors
  • Restrict hypervisor privilege levels to reduce the possibility that a privileged attacker can direct host buffer accesses
  • Configure host and guest logging to capture anomalous buffer access events and investigate suspicious activity

Generated by OpenCVE AI on April 17, 2026 at 02:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Amd
Amd epyc 7003 Series Processors
Amd epyc 9004 Series Processors
Amd epyc Embedded 7003 Series Processors
Amd epyc Embedded 9004 Series Processors
Vendors & Products Amd
Amd epyc 7003 Series Processors
Amd epyc 9004 Series Processors
Amd epyc Embedded 7003 Series Processors
Amd epyc Embedded 9004 Series Processors

Fri, 17 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title Insufficient RMP Checks in IOMMU Allow Host Buffer Out‑of‑Bounds Access

Thu, 16 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Description Insuffient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised HV to trigger an out of bounds condition without RMP checks resulting in a potential loss of confidential guest integrity. Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.

Thu, 16 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Description Insuffient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised HV to trigger an out of bounds condition without RMP checks resulting in a potential loss of confidential guest integrity.
Weaknesses CWE-788
References
Metrics cvssV4_0

{'score': 5.6, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Amd Epyc 7003 Series Processors Epyc 9004 Series Processors Epyc Embedded 7003 Series Processors Epyc Embedded 9004 Series Processors
cve-icon MITRE

Status: PUBLISHED

Assigner: AMD

Published:

Updated: 2026-04-16T19:12:06.991Z

Reserved: 2022-10-27T18:53:39.759Z

Link: CVE-2023-20585

cve-icon Vulnrichment

Updated: 2026-04-16T18:58:11.213Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-16T19:16:31.430

Modified: 2026-04-17T15:14:05.510

Link: CVE-2023-20585

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T15:00:09Z

Weaknesses