CVE-2023-20571

CWE-362Race Condition3 documents3 sources
Severity
8.1HIGH
EPSS
0.4%
top 37.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
79
AMD Ryzen 3 5100 FirmwareAMD Ryzen 3 5125c FirmwareAMD Ryzen 3 5300g Firmware+76 more
Timeline
PublishedNov 14

Description

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages79 packages

NVDamd/ryzen_3_5100_firmware< comboam4v2_1.2.0.b
NVDamd/ryzen_5_5500_firmware< comboam4v2_1.2.0.b
NVDamd/ryzen_5_7600_firmware< comboam5_1.0.7.0
NVDamd/ryzen_7_5700_firmware< comboam4v2_1.2.0.b
NVDamd/ryzen_7_7700_firmware< comboam5_1.0.7.0

🔴Vulnerability Details

2
GHSA
GHSA-3x8j-5c5c-jh43: A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resul2023-11-14
CVEList
CVE-2023-20571: A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resul2023-11-14
CVE-2023-20571 (HIGH CVSS 8.1) | A race condition in System Manageme | cvebase.io