Attackers Can Modify Communications Buffer for Arbitrary Code Execution

CVE-2023-20578

7.5HIGH

Key Information

Vendor: Amd
Status: Amd Epyc™ 7001 Processors; Amd Epyc™ 7002 Processors; Amd Epyc™ 7003 Processors; Amd Epyc™ 9004 Processors
Vendor: CVE Published:; 13 August 2024

Summary

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected Version(s)

AMD EPYC™ 7001 Processors <= NaplesPI 1.0.0.K

AMD EPYC™ 7002 Processors <= RomePI 1.0.0.G

AMD EPYC™ 7003 Processors <= MilanPI 1.0.0.B

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database