CVE-2023-20571

8.1HIGH

Key Information:

Vendor: AMD
Status: Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”; Ryzen™ 7000 Series Desktop Processors “Raphael” XD3; Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”; AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"
Vendor: CVE Published:; 14 November 2023

Summary

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Affected Version(s)

Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8 x86 various

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo” x86 various

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt" x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 27, 2022

Collectors

NVD DatabaseMitre Database