CVE-2023-20587

Summary

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

Affected Software

VendorProductVersion RangeStatus
AMD3rd Gen AMD EPYC™ Processorsvariousaffected
AMD4th Gen AMD EPYC™ Processorsvariousaffected
AMD1st Gen AMD EPYC™ Processorsvariousaffected
AMD2nd Gen AMD EPYC™ Processorsvariousaffected
AMDAMD EPYC(TM) Embedded 3000variousaffected
AMDAMD EPYC(TM) Embedded 7002variousaffected
AMDAMD EPYC(TM) Embedded 7003variousaffected
AMDAMD EPYC(TM) Embedded 9003variousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References