CVE-2023-20597

Summary

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 3000 Series Desktop Processors “Matisse”variousaffected
AMDRyzen™ 5000 Series Desktop Processors “Vermeer”variousaffected
AMDRyzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”variousaffected
AMDRyzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTvariousaffected
AMDRyzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3variousaffected
AMDRyzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3variousaffected
AMDRyzen™ 6000 Series Mobile Processors with Radeon™ Graphics “Rembrandt”variousaffected
AMDRyzen™ 7035 Series Mobile Processors with Radeon™ Graphics “Rembrandt-R”variousaffected
AMDRyzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Barcelo”variousaffected
AMDRyzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”variousaffected
AMDAMD EPYC™ Embedded 7003EmbMilanPI-SP3 1.0.0.6unaffected
AMDAMD Ryzen™ Embedded 5000EmbAM4PI 1.0.0.2unaffected
AMDAMD Ryzen™ Embedded V2000EmbeddedPI-FP6 1.0.0.8unaffected
AMDAMD Ryzen™ Embedded V3000EmbeddedPI-FP7r2 1.0.0.4unaffected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References