CVE-2023-20597
N/A
N/A
Summary
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” | various | affected |
| AMD | Ryzen™ 5000 Series Desktop Processors “Vermeer” | various | affected |
| AMD | Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” | various | affected |
| AMD | Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT | various | affected |
| AMD | Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 | various | affected |
| AMD | Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 | various | affected |
| AMD | Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics “Rembrandt” | various | affected |
| AMD | Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics “Rembrandt-R” | various | affected |
| AMD | Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Barcelo” | various | affected |
| AMD | Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” | various | affected |
| AMD | AMD EPYC™ Embedded 7003 | EmbMilanPI-SP3 1.0.0.6 | unaffected |
| AMD | AMD Ryzen™ Embedded 5000 | EmbAM4PI 1.0.0.2 | unaffected |
| AMD | AMD Ryzen™ Embedded V2000 | EmbeddedPI-FP6 1.0.0.8 | unaffected |
| AMD | AMD Ryzen™ Embedded V3000 | EmbeddedPI-FP7r2 1.0.0.4 | unaffected |
Weaknesses
- CWE-824: CWE-824 Access of Uninitialized Pointer
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.