CVE-2023-20578
Published: Aug 13, 2024
Modified: Mar 18, 2025
CVSS v3.1: 7.5
Description
A TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability in System Management Mode (SMM) may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer, potentially resulting in arbitrary code execution.
| Vendor | Product | Versions |
|---|---|---|
| AMD | AMD EPYC™ 7001 Processors | unaffected NaplesPI 1.0.0.K |
| AMD | AMD EPYC™ 7002 Processors | unaffected RomePI 1.0.0.G |
| AMD | AMD EPYC™ 7003 Processors | unaffected MilanPI 1.0.0.B |
| AMD | AMD EPYC™ 9004 Processors | unaffected GenoaPI 1.0.0.2 |
| AMD | AMD Ryzen™ 7000 Series Desktop Processors | unaffected ComboAM5 1.0.0.1 |
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX Processors | unaffected ChagallWSPI-sWRX8 1.0.0.7 |
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics | unaffected MendocinoPI-FT6 1.0.0.0 |
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics | unaffected RembrandtPI-FP7 1.0.0.9b |
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics | unaffected RembrandtPI-FP7 1.0.0.9b |
| AMD | AMD EPYC™ Embedded 3000 | unaffected SnowyOwl PI 1.1.0.A |
| AMD | AMD EPYC™ Embedded 7002 | unaffected EmbRomePI-SP3 1.0.0.A |
| AMD | AMD EPYC™ Embedded 7003 | unaffected EmbMilanPI-SP3 1.0.0.7 |
| AMD | AMD EPYC™ Embedded 9003 | unaffected EmbGenoaPI-SP5 1.0.0.0 |
| AMD | AMD Ryzen™ Embedded 7000 | unaffected EmbeddedAM5PI 1.0.0.0 |
| AMD | AMD Ryzen™ Embedded V3000 | unaffected EmbeddedPI-FP7r2 1.0.0.8 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High