CVE-2023-20579

Severity
6.0 MEDIUM
EPSS
0.0%
top 99.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 13

Description

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 0.8 | Impact: 5.2

Affected Packages (143 packages)

NVD: amd/ryzen_5_7600_firmware < comboam5_1.0.8.0
NVD: amd/ryzen_7_7700_firmware < comboam5_1.0.8.0
NVD: amd/ryzen_9_7900_firmware < comboam5_1.0.8.0
NVD: amd/ryzen_3_3200u_firmware < cezannepi-fp6_1.0.1.0
NVD: amd/ryzen_3_3250c_firmware < cezannepi-fp6_1.0.1.0

🔴 Vulnerability Details (2)

CVEList
CVE-2023-20579: Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentiall (2024-02-13)
GHSA
GHSA-263h-mwf7-v6rq: Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentiall (2024-02-13)

📋 Vendor Advisories (1)

Red Hat
hw: amd: SPI bypass (2024-02-13)
CVE-2023-20579 (MEDIUM CVSS 6) | Improper Access Control in the AMD | cvebase.io