Improper Variable Initialization in AMD DXE Driver
CVE-2023-20597

5.5MEDIUM

Key Information:

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors “matisse”; Ryzen™ 5000 Series Desktop Processors “vermeer”; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”; Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt
Vendor: CVE Published:; 20 September 2023

What is CVE-2023-20597?

A vulnerability has been identified in the AMD DXE Driver due to improper initialization of variables. This flaw permits a privileged user to exploit local access, potentially allowing them to leak sensitive information. Addressing this issue is critical to maintaining data confidentiality and user trust.

Affected Version(s)

AMD EPYC™ Embedded 7003 EmbMilanPI-SP3 1.0.0.6

AMD Ryzen™ Embedded 5000 EmbAM4PI 1.0.0.2

AMD Ryzen™ Embedded V2000 EmbeddedPI-FP6 1.0.0.8

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Oct 27, 2022

Amd

What is CVE-2023-20597?

Affected Version(s)

References

CVSS V3.1

Timeline