CVE-2023-20594

CWE-824CWE-6653 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 82.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
140
AMD 3RD GEN AMD Epyc™ ProcessorsAMD Ryzen™ 3000 Series Desktop Processors “matisse”AMD Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics “renoir” AM4+137 more
Timeline
PublishedSep 20

Description

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages140 packages

NVDamd/epyc_7003_firmwaremilanpi_1.0.0.a
NVDamd/epyc_72f3_firmwaremilanpi_1.0.0.a
NVDamd/epyc_7313_firmwaremilanpi_1.0.0.a
NVDamd/epyc_7343_firmwaremilanpi_1.0.0.a
NVDamd/epyc_73f3_firmwaremilanpi_1.0.0.a

🔴Vulnerability Details

2
CVEList
CVE-2023-20594: Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access2023-09-20
GHSA
GHSA-f4mr-h274-9w8h: Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access2023-09-20
CVE-2023-20594 (MEDIUM CVSS 4.4) | Improper initialization of variable | cvebase.io