CVE-2023-20533

7.5HIGH

Key Information

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors “matisse"; Amd Ryzen™ 5000 Series Desktop Processors “vermeer”; Amd Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt; Amd Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3
Vendor: CVE Published:; 14 November 2023

Summary

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

Affected Version(s)

Ryzen™ 3000 series Desktop Processors “Matisse" = various

AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” = various

AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT = various

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.5 to: 6.1 - (MEDIUM)
Jun 18, 2024
Vulnerability published.
Nov 14, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database