Insufficient Protections in SMM Code in AMD Products
CVE-2023-20565

7.8HIGH

Key Information:

Vendor: AMD
Status: Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”; Ryzen™ 7000 Series Desktop Processors “Raphael” XD3; AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"; AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”
Vendor: CVE Published:; 14 November 2023

Summary

The identified vulnerability arises from inadequate protections within the System Management Mode (SMM) code utilized by AMD products. This security flaw could potentially be exploited by attackers with local access, enabling them to elevate their privileges on the affected system. It is crucial for users and administrators to be aware of this issue and to follow best practices for securing their environments against possible exploitation.

Affected Version(s)

Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8 x86 various

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo” x86 various

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt" x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 27, 2022