UBUNTU-CVE-2023-20585

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2023-20585

Published: 16 Apr 2026, 19:16

Last modified:20 May 2026, 16:13

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.6 MEDIUM

4.0 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Apr 2026, 19:16

Published

Vulnerability first disclosed

20 May 2026, 16:13

Last Modified

Vulnerability information updated

Description

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.

CVSS Metrics

v4.0•MEDIUM•Score: 5.6CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Systems

ubuntu•amd64-microcode
all | all | all | all | all | all | all

References (3)

https://ubuntu.com/security/CVE-2023-20585
https://www.cve.org/CVERecord?id=CVE-2023-20585
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3016.html