CVE-2023-20597

CWE-824CWE-6653 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 80.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
111
AMD Ryzen™ 3000 Series Desktop Processors “matisse”AMD Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “cezanne”AMD Ryzen™ 5000 Series Desktop Processors “vermeer”+108 more
Timeline
PublishedSep 20

Description

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages111 packages

NVDamd/ryzen_3100_firmwarecomboam4pi_1.0.0.9, comboam4v2pi_1.2.0.8+1
NVDamd/ryzen_3500_firmwarecomboam4pi_1.0.0.9, comboam4v2pi_1.2.0.8+1
NVDamd/ryzen_3600_firmwarecomboam4pi_1.0.0.9, comboam4v2pi_1.2.0.8+1
NVDamd/ryzen_3900_firmwarecomboam4pi_1.0.0.9, comboam4v2pi_1.2.0.8+1
NVDamd/ryzen_5500_firmwarecezannepi-fp6_1.0.0.b, comboam4v2pi_1.2.0.8+1

🔴Vulnerability Details

2
GHSA
GHSA-8prm-gh76-rq38: Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access2023-09-20
CVEList
CVE-2023-20597: Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access2023-09-20
CVE-2023-20597 (MEDIUM CVSS 5.5) | Improper initialization of variable | cvebase.io