CVE-2023-20578

CWE-3673 documents3 sources
Severity
6.4MEDIUM
EPSS
0.1%
top 77.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
105
AMD Epyc 7001 FirmwareAMD Epyc 7203 FirmwareAMD Epyc 7203p Firmware+102 more
Timeline
PublishedAug 13

Description

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages105 packages

NVDamd/epyc_7001_firmware< naplespi_1.0.0.k
NVDamd/epyc_7203_firmware< milanpi_1.0.0.5
NVDamd/epyc_7251_firmware< naplespi_1.0.0.k
NVDamd/epyc_7252_firmware< romepi_1.0.0.g
NVDamd/epyc_7261_firmware< naplespi_1.0.0.k

🔴Vulnerability Details

2
GHSA
GHSA-3phx-v48r-rmwc: A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the commun2024-08-13
CVEList
CVE-2023-20578: A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the commun2024-08-13
CVE-2023-20578 (MEDIUM CVSS 6.4) | A TOCTOU (Time-Of-Check-Time-Of-Use | cvebase.io