CVE-2023-20555

UNKNOWN

Published 2023-08-08T17:07:24.476Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-20555. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Insufficient input validation in
CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting
an arbitrary bit in an attacker-controlled pointer potentially leading to
arbitrary code execution in SMM.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

AMD

Ryzen™ 3000 Series Desktop Processors “Matisse” AM4

Affected Versions:

various

AMD

Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4

Affected Versions:

various

AMD

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4

Affected Versions:

various

AMD

Ryzen™ 7000 Series Processors “Raphael”

Affected Versions:

various

AMD

Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso”

Affected Versions:

various

AMD

Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5

Affected Versions:

various

AMD

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5

Affected Versions:

various

AMD

Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”

Affected Versions:

various

AMD

Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso”

Affected Versions:

various

AMD

Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6

Affected Versions:

various

AMD

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”

Affected Versions:

various

AMD

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”

Affected Versions:

various

AMD

Ryzen™ 6000 Series Mobile Processors "Rembrandt"

Affected Versions:

various

AMD

Ryzen™ 7030 Series Mobile Processors “Barcelo”

Affected Versions:

various

AMD

Ryzen™ 7020 Series Mobile Processors “Mendocino”

Affected Versions:

various

amd

ryzen_3000_series_desktop_processors

Affected Versions:

V1-1.0.0.A

amd

ryzen_5000_series_desktop_processors

Affected Versions:

V2-PI_1.2.0.A

amd

ryzen_7000_series_desktop_processors

Affected Versions:

1.0.0.6

amd

athlon_3000g

Affected Versions:

1.0.0.A 1.2.0.A

amd

ryzen_4000_series_desktop_processors_with_radeon_graphics

Affected Versions:

1.2.0.A

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-vcw6-g65p-gcjw

Advisory Details

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-20555

WEB https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003

Advisory provided by GitHub Security Advisory Database. Published: August 8, 2023, Modified: April 4, 2024

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003

Published: 2023-08-08T17:07:24.476Z

Last Modified: 2024-10-24T14:36:35.845Z

Copied to clipboard!

CVE-2023-20555

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!