CVE-2023-20594

Summary

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 3000 Series Desktop Processors “Matisse”variousaffected
AMDRyzen™ 5000 Series Desktop Processors “Vermeer”variousaffected
AMDRyzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”variousaffected
AMDRyzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4variousaffected
AMDRyzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3variousaffected
AMDRyzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3variousaffected
AMDRyzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”variousaffected
AMDRyzen™ 6000 Series Mobile Processors with Radeon™ Graphics “Rembrandt”variousaffected
AMDRyzen™ 7035 Series Mobile Processors with Radeon™ Graphics “Rembrandt-R”variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Barcelo”variousaffected
AMDRyzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”variousaffected
AMD3rd Gen AMD EPYC™ Processorsvariousaffected
AMDAMD Ryzen™ Embedded 7000EmbeddedAM5PI 1.0.0.1unaffected
AMDAMD Ryzen™ Embedded V3000Embedded-PI_FP7r2 1.0.0.Bunaffected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References