Improper Variable Initialization in AMD DXE Driver
CVE-2023-20594

4.4MEDIUM

Key Information:

Vendor: AMD
Status: Ryzen™ 3000 Series Desktop Processors “Matisse”; Ryzen™ 5000 Series Desktop Processors “Vermeer”; Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”; Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4
Vendor: CVE Published:; 20 September 2023

What is CVE-2023-20594?

The vulnerability arises from improper variable initialization in the DXE driver, which may enable a privileged user to exploit this flaw and potentially leak sensitive information through local access. Organizations using affected versions of the AMD DXE driver should apply the latest security patch to mitigate the risk of information exposure.

Affected Version(s)

3rd Gen AMD EPYC™ Processors x86 various

Ryzen™ 3000 Series Desktop Processors “Matisse” x86 various

Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4 x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Oct 27, 2022