cbcvebase.
CVE-2023-20558
published 2023-04-02

CVE-2023-20558: Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of…

high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

Affected

81 ranges· showing 25
VendorProductVersion rangeFixed in
amd2nd_gen_amd_ryzen_threadripper_processor
amd3rd_gen_amd_ryzen_threadripper_processors
amdryzen_2000_series
amdryzen_3000_series
amdryzen_3_2200u_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_3_2300u_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_3_3300x_firmware< comboam4_v2_pi_1.2.0.6ccomboam4_v2_pi_1.2.0.6c
amdryzen_3_4300g_firmware< renoirpi-fp6_1.0.0.7renoirpi-fp6_1.0.0.7
amdryzen_3_4300ge_firmware< renoirpi-fp6_1.0.0.7renoirpi-fp6_1.0.0.7
amdryzen_3_5125c_firmware< cezannepi-fp6_1.0.0.9cezannepi-fp6_1.0.0.9
amdryzen_3_5300g_firmware< comboam4_v2_pi_1.2.0.6ccomboam4_v2_pi_1.2.0.6c
amdryzen_3_5300ge_firmware< comboam4_v2_pi_1.2.0.6ccomboam4_v2_pi_1.2.0.6c
amdryzen_3_5400u_firmware< cezannepi-fp6_1.0.0.9cezannepi-fp6_1.0.0.9
amdryzen_3_5425c_firmware< cezannepi-fp6_1.0.0.9cezannepi-fp6_1.0.0.9
amdryzen_3_5425u_firmware< cezannepi-fp6_1.0.0.9cezannepi-fp6_1.0.0.9
amdryzen_4000_series
amdryzen_5000_series
amdryzen_5_2500u_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_5_2600_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_5_2600h_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_5_2600x_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_5_2700_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_5_2700x_firmware< comboam4v2_pi_1.2.0.6ccomboam4v2_pi_1.2.0.6c
amdryzen_5_3500_firmware< comboam4_v2_pi_1.2.0.6ccomboam4_v2_pi_1.2.0.6c
amdryzen_5_3500x_firmware< comboam4_v2_pi_1.2.0.6ccomboam4_v2_pi_1.2.0.6c