Improper Variable Initialization in AMD DXE Driver
CVE-2023-20597

5.5MEDIUM

Key Information:

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors “matisse”; Ryzen™ 5000 Series Desktop Processors “vermeer”; Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”; Ryzen™ Threadripper™ 3000 Series Processors “castle Peak” Hedt
Vendor: CVE Published:; 20 September 2023

Summary

A vulnerability has been identified in the AMD DXE Driver due to improper initialization of variables. This flaw permits a privileged user to exploit local access, potentially allowing them to leak sensitive information. Addressing this issue is critical to maintaining data confidentiality and user trust.

Affected Version(s)

Ryzen™ 3000 Series Desktop Processors “Matisse” x86 various

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” x86 various

Ryzen™ 5000 Series Desktop Processors “Vermeer” x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2023
Vulnerability Reserved
Oct 27, 2022