
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2022-23830 is a security vulnerability affecting AMD EPYC processors where the System Management Mode (SMM) configuration may not be immutable when Secure Nested Paging (SNP) is enabled. This vulnerability was disclosed in November 2023 and affects multiple AMD EPYC processor families including 7003 series (Milan) and 9004 series (Genoa) processors (AMD Advisory).
The vulnerability stems from an issue where the SMM configuration lacks proper immutability when SNP is enabled. The severity of this vulnerability has been assessed with different CVSS v3.1 scores: NIST rates it as MEDIUM with a base score of 5.3 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), while AMD rates it as LOW with a base score of 1.9 (Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N) (NVD).
The vulnerability can potentially result in a limited loss of guest memory integrity when exploited. This affects systems where SNP (Secure Nested Paging) is enabled, potentially compromising the security guarantees provided by the virtualization environment (AMD Advisory).
AMD has released firmware updates to address this vulnerability. For Milan processors, the fix is available in version milanpi1.0.0.a and later, while for Genoa processors, the fix is included in version genoapi1.0.0.1 and later (AMD Advisory).
Source: This report was generated using AI