Improper Input Validation in AMD Products May Lead to Arbitrary Code Execution
CVE-2023-20596
9.8 CRITICAL
Key Information:
- Vendor: AMD
- Status
- Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4
- Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”
- Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D
- Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”
- CVE Published: 14 November 2023
Summary
An improper input validation issue within the SMM Supervisor component may allow an attacker with a compromised SMI handler to gain Ring0 access. This elevated access level can potentially lead to arbitrary code execution within the system, posing significant risks to overall system integrity and security. Users and administrators should remain vigilant and apply the latest security updates to mitigate this vulnerability.
Affected Version(s)
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt" x86 various
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R” x86 various
Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4 x86 various
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved