Arbitrary Code Execution Vulnerability in SMM's SPI Flash
CVE-2023-20587

7.1 HIGH

What is CVE-2023-20587?

An improper access control vulnerability in AMD's System Management Mode (SMM) may allow an attacker unauthorized access to system components, specifically the Serial Peripheral Interface (SPI) flash. Exploitation can potentially lead to arbitrary code execution, granting the attacker elevated privileges and the ability to execute malicious code within the system. Users and organizations running AMD products should review their systems and apply the mitigations outlined in AMD's security advisory.

Affected Version(s)

1st Gen AMD EPYC™ Processors various

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
