{"Arbitrary Code Execution Vulnerability in SMM's SPI Flash"}
CVE-2023-20587

Currently unrated

Key Information:

Vendor: AMD
Status: 3rd Gen AMD EPYC™ Processors; 4th Gen AMD EPYC™ Processors; 1st Gen AMD EPYC™ Processors; 2nd Gen AMD EPYC™ Processors
Vendor: CVE Published:; 13 February 2024

Summary

An improper access control vulnerability in AMD's System Management Mode (SMM) may allow attackers unauthorized access to system components, specifically targeting the Serial Peripheral Interface (SPI) flash. This exploitation can potentially lead to arbitrary code execution, granting attackers elevated privileges and the ability to execute malicious code within the system. It is crucial for users and organizations utilizing AMD products to review their systems and apply necessary mitigations as outlined in AMD's security advisory.

Affected Version(s)

1st Gen AMD EPYC™ Processors various

2nd Gen AMD EPYC™ Processors x86 various

3rd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Oct 27, 2022

Collectors

NVD DatabaseMitre Database