Attackers Can Modify Communications Buffer for Arbitrary Code Execution
CVE-2023-20578
7.5HIGH
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 7001 Processors
- Amd Epyc™ 7002 Processors
- Amd Epyc™ 7003 Processors
- Amd Epyc™ 9004 Processors
- Vendor
- CVE Published:
- 13 August 2024
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
Affected Version(s)
AMD EPYC™ 7001 Processors <= NaplesPI 1.0.0.K
AMD EPYC™ 7002 Processors <= RomePI 1.0.0.G
AMD EPYC™ 7003 Processors <= MilanPI 1.0.0.B
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database