{"Arbitrary Code Execution Vulnerability in SMM's SPI Flash"}
CVE-2023-20587

7.1HIGH

Key Information:

Vendor: Amd
Status: 3rd Gen Amd Epyc™ Processors; 4th Gen Amd Epyc™ Processors; 1st Gen Amd Epyc™ Processors; 2nd Gen Amd Epyc™ Processors
Vendor: CVE Published:; 13 February 2024

What is CVE-2023-20587?

An improper access control vulnerability in AMD's System Management Mode (SMM) may allow attackers unauthorized access to system components, specifically targeting the Serial Peripheral Interface (SPI) flash. This exploitation can potentially lead to arbitrary code execution, granting attackers elevated privileges and the ability to execute malicious code within the system. It is crucial for users and organizations utilizing AMD products to review their systems and apply necessary mitigations as outlined in AMD's security advisory.

Affected Version(s)

1st Gen AMD EPYC™ Processors various

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Oct 27, 2022

Amd

What is CVE-2023-20587?

Affected Version(s)

References

CVSS V3.1

Timeline