Lucene search

[email protected]CVE-2023-20555

HistoryAug 08, 2023 - 6:15 p.m.

CVE-2023-20555

2023-08-0818:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-20555

insufficient input validation

cpmdisplayfeaturesmm

smm memory

arbitrary code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Insufficient input validation in
CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting
an arbitrary bit in an attacker-controlled pointer potentially leading to
arbitrary code execution in SMM.

CPENameOperatorVersion
amd:ryzen_3_3300_firmwareamd ryzen 3 3300 firmwareltcomboam4_pi_v1_1.0.0.a
amd:ryzen_3_3300_firmwareamd ryzen 3 3300 firmwareeq-

CPE	Name	Operator	Version
amd:ryzen_3_3300_firmware	amd ryzen 3 3300 firmware	lt	comboam4_pi_v1_1.0.0.a
amd:ryzen_3_3300_firmware	amd ryzen 3 3300 firmware	eq	-

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2023-20555

prion1 amd1 cvelist1 redhatcve1 hp1