CVE-2023-20563 — Improper Privilege Management in AMD Ryzen 3 5100 Firmware

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 65.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Ryzen 3 5100 Firmware AMD Ryzen 3 5125c Firmware AMD Ryzen 3 5300g Firmware +80 more

Timeline

PublishedNov 14

Description

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages83 packages

▶NVDamd/ryzen_3_5100_firmware< comboam4v2_1.2.0.b

▶NVDamd/ryzen_5_5500_firmware< comboam4v2_1.2.0.b

▶NVDamd/ryzen_5_7600_firmware< comboam5_1.0.7.0

▶NVDamd/ryzen_7_5700_firmware< comboam4v2_1.2.0.b

▶NVDamd/ryzen_7_7700_firmware< comboam5_1.0.7.0

🔴Vulnerability Details

GHSA

GHSA-cjh4-hrfc-4xj7: Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access↗2023-11-14

▶

CVEList

CVE-2023-20563: Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access↗2023-11-14

▶