Bug 1218758 (CVE-2023-20573) - VUL-0: CVE-2023-20573: kernel-firmware: AMD Secure Nested Paging Debug Exception
Summary: VUL-0: CVE-2023-20573: kernel-firmware: AMD Secure Nested Paging Debug Exception
Status: RESOLVED WONTFIX
Alias: CVE-2023-20573
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Takashi Iwai
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/390878/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-12 09:12 UTC by SMASH SMASH
Modified: 2024-01-18 10:16 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-01-12 09:12:50 UTC
A privileged attacker
can prevent delivery of debug exceptions to SEV-SNP guests potentially
resulting in guests not receiving expected debug information.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20573
https://www.cve.org/CVERecord?id=CVE-2023-20573
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006
https://bugzilla.redhat.com/show_bug.cgi?id=2253702
Comment 1 Takashi Iwai 2024-01-17 14:59:16 UTC
The update to the latest version 2023.11.30 was submitted to TW.
Comment 2 Takashi Iwai 2024-01-17 15:02:36 UTC
Bah, sorry, a wrong bug entry.

For this one, there is too little information.  Is the fixed firmware already available?
Comment 3 Takashi Iwai 2024-01-17 15:04:50 UTC
The AMD bulletin says:
"""
Mitigation

No mitigation is planned for this issue. SEV-SNP guest that have the alternate injection feature enabled are not affected.
"""

Is it a WONTFIX issue, then?
Comment 4 Marcus Meissner 2024-01-18 10:16:07 UTC
wontfix.