CVE-2023-20533
7.5HIGH
Key Information
- Vendor
- Amd
- Status
- Ryzen™ 3000 Series Desktop Processors “matisse"
- Amd Ryzen™ 5000 Series Desktop Processors “vermeer”
- Amd Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt
- Amd Ryzen™ Threadripper™ Pro Processors “castle Peak” Ws Sp3
- Vendor
- CVE Published:
- 14 November 2023
Summary
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
Affected Version(s)
Ryzen™ 3000 series Desktop Processors “Matisse" = various
AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” = various
AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT = various
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 7.5 to: 6.1 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database