CVE-2023-20578
published 2024-08-13


Severity: medium, 6.4 (CVSS 3.1)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected

105 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amd | epyc_7001_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7203_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7203p_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7232p_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7251_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7252_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7261_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7262_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7272_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7281_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7282_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_72f3_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7301_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7302_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7302p_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7303_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7303p_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7313_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7313p_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7343_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |
| amd | epyc_7351_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7351p_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7352_firmware | < romepi_1.0.0.g | romepi_1.0.0.g |
| amd | epyc_7371_firmware | < naplespi_1.0.0.k | naplespi_1.0.0.k |
| amd | epyc_7373x_firmware | < milanpi_1.0.0.5 | milanpi_1.0.0.5 |