CVE-2023-20571

UNKNOWN

Published 2023-11-14T18:55:02.307Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-20571. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

AMD

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected Versions:

various

AMD

Ryzen™ 7000 Series Desktop Processors “Raphael” XD3

Affected Versions:

various

AMD

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”

Affected Versions:

various

AMD

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"

Affected Versions:

various

AMD

AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”

Affected Versions:

various

AMD

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”

Affected Versions:

various

AMD

AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”

Affected Versions:

various

AMD

Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8

Affected Versions:

various

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-3x8j-5c5c-jh43

Advisory Details

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-20571

WEB https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

Advisory provided by GitHub Security Advisory Database. Published: November 14, 2023, Modified: November 28, 2023

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

Published: 2023-11-14T18:55:02.307Z

Last Modified: 2024-08-02T09:05:45.850Z

Copied to clipboard!

CVE-2023-20571

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”

Affected Versions:

Ryzen™ 7000 Series Desktop Processors “Raphael” XD3

Affected Versions:

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”

Affected Versions:

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"

Affected Versions:

AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”

Affected Versions:

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”

Affected Versions:

AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”

Affected Versions:

Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!