CVE-2023-20585
Advisory lineage Upstream: 0 Downstream: 2
Awaiting Analysis
Published: 16 Apr 2026, 18:42
Last modified: 16 Apr 2026, 19:12
Vulnerability Summary
Overall Risk (default): low, 22/100
CVSS Score: 5.6 MEDIUM, v4.0 (cve.org)
EPSS Score: 0.1% LOW (0% probability +0.08%)
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 16 Apr 2026, 18:42: Published. Vulnerability first disclosed
- 16 Apr 2026, 19:12: Last Modified. Vulnerability information updated
Description
Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.
CVSS Metrics
- v4.0 • MEDIUM • Score: 5.6 • CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
- v4.0 • MEDIUM • Score: 5.6 • CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Trends
Current EPSS score: 0.10% • Percentile: 1%
Techniques & Countermeasures
- CWE-788 • Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.