CVE-2023-20558

Description

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

AMD / 2nd Gen AMD Ryzen™ Threadripper™ ProcessorVarious – Various
AMD / 3rd Gen AMD Ryzen™ Threadripper™ Processorsvarious – various
AMD / Ryzen™ 2000 Seriesvarious – various
AMD / Ryzen™ 3000 Seriesvarious – various
AMD / Ryzen™ 4000 Seriesvarious – various
AMD / Ryzen™ 5000 Seriesvarious – various
AMD / Ryzen™ Threadripper™ PRO Processorvarious – various

References

MISChttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html