CVE-2023-20555
7.8HIGH
Key Information
- Vendor
- AMD
- Status
- Ryzen™ 3000 Series Desktop Processors “Matisse” AM4
- Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4
- Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4
- Ryzen™ 7000 Series Processors “Raphael”
- Vendor
- CVE Published:
- 8 August 2023
Summary
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
Affected Version(s)
Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 <= various
Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 <= various
Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4 <= various
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database