Insufficient Input Validation in CpmDisplayFeatureSmm of AMD Products
CVE-2023-20555

7.8 HIGH

Summary

A vulnerability exists in the CpmDisplayFeatureSmm component of AMD products, stemming from insufficient input validation. This flaw could allow attackers to corrupt System Management Mode (SMM) memory by overwriting an arbitrary bit in a pointer that they control. Exploiting this vulnerability could lead to unauthorized code execution within the protected SMM environment, potentially compromising the integrity and confidentiality of the system.

Affected Version(s)

Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” x86 various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” x86 various

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/“Dali” FP5 x86 various

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
