Insufficient Protections in System Management Mode Affects AMD Products
CVE-2023-20563

7.8HIGH

Key Information:

Vendor: Amd
Status: Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”; Ryzen™ 7000 Series Desktop Processors “raphael” Xd3; Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “cezanne”; Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics "rembrandt"
Vendor: CVE Published:; 14 November 2023

Summary

The identified vulnerability arises from inadequate security measures in the System Management Mode (SMM) code of AMD processors. This oversight may permit attackers with local access to escalate their privileges, potentially compromising system integrity. To mitigate risks, users are advised to apply the latest patches and follow guidelines provided by AMD to enhance their security posture against such exploitation.

Affected Version(s)

AMD Ryzen™ Embedded 5000 various

AMD Ryzen™ Embedded R1000 various

AMD Ryzen™ Embedded R2000 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 27, 2022