CVE-2023-20558

Summary

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 2000 Seriesvariousaffected
AMDRyzen™ 3000 Seriesvariousaffected
AMDRyzen™ 4000 Seriesvariousaffected
AMDRyzen™ 5000 Seriesvariousaffected
AMD2nd Gen AMD Ryzen™ Threadripper™ ProcessorVariousaffected
AMD3rd Gen AMD Ryzen™ Threadripper™ Processorsvariousaffected
AMDRyzen™ Threadripper™ PRO Processorvariousaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References