CVE-2023-20587 — Improper Access Control in AMD 1ST GEN AMD Epyc Processors

CWE-284 — Improper Access Control4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.0%

top 89.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 1ST GEN AMD Epyc Processors AMD 2ND GEN AMD Epyc Processors AMD 3RD GEN AMD Epyc Processors +5 more

Timeline

PublishedFeb 13

Description

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages8 packages

▶CVEListV5amd/amd_epyc_embedded_3000various

▶CVEListV5amd/amd_epyc_embedded_7002various

▶CVEListV5amd/amd_epyc_embedded_7003various

▶CVEListV5amd/amd_epyc_embedded_9003various

▶CVEListV5amd/1st_gen_amd_epyc_processorsvarious

🔴Vulnerability Details

CVEList

CVE-2023-20587: Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution↗2024-02-13

▶

GHSA

GHSA-3jmf-c2v9-xc39: Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution↗2024-02-13

▶

📋Vendor Advisories

Red Hat

hw: amd: failure to sanitize input in SMM↗2024-02-13

▶