CVE-2023-20555

Summary

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 3000 Series Desktop Processors “Matisse” AM4variousaffected
AMDRyzen™ 5000 Series Desktop Processors “Vermeer” AM4variousaffected
AMDRyzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4variousaffected
AMDRyzen™ 7000 Series Processors “Raphael”variousaffected
AMDAthlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso”variousaffected
AMDRyzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5variousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5variousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”variousaffected
AMDRyzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso”variousaffected
AMDRyzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”variousaffected
AMDRyzen™ 6000 Series Mobile Processors “Rembrandt”variousaffected
AMDRyzen™ 7030 Series Mobile Processors “Barcelo”variousaffected
AMDRyzen™ 7020 Series Mobile Processors “Mendocino”variousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References