CVE-2023-20533

3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 84.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Epyc 7203 Firmware AMD Epyc 7203p Firmware AMD Epyc 7232p Firmware +75 more

Timeline

PublishedNov 14

Description

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:HExploitability: 0.8 | Impact: 4.7

Affected Packages78 packages

▶NVDamd/ryzen_threadripper_3960x_firmware< castlepeakpi-sp3r3_1.0.0.8

▶NVDamd/ryzen_threadripper_3970x_firmware< castlepeakpi-sp3r3_1.0.0.8

▶NVDamd/ryzen_threadripper_3990x_firmware< castlepeakpi-sp3r3_1.0.0.8

▶NVDamd/ryzen_threadripper_pro_3995wx_firmware< chagallwspi-swrx8_1.0.0.5

▶CVEListV5amd/amd_ryzen™_threadripper™_pro_processors_“castle_peak”_ws_sp3various

🔴Vulnerability Details

CVEList

CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially↗2023-11-14

▶

GHSA

GHSA-5pq2-w3x5-q9f2: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially↗2023-11-14

▶