Race Condition Vulnerability in System Management Mode Affecting AMD Products
CVE-2023-20571

8.1HIGH

Key Information:

Vendor: AMD
Status: Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”; Ryzen™ 7000 Series Desktop Processors “Raphael” XD3; Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”; AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"
Vendor: CVE Published:; 14 November 2023

Summary

A race condition vulnerability exists in the System Management Mode (SMM) code of various AMD processors. An attacker with access to a compromised user space can exploit this vulnerability in conjunction with CVE-2018-8897, potentially leading to privilege escalation. This may allow the attacker to gain higher access levels within the system, making it crucial for users to apply the necessary security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8 x86 various

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo” x86 various

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt" x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 27, 2022