CVE-2023-20559
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
Affected (89)
Products: Amd: Ryzen 7 5700g Firmware, Ryzen 7 5700ge Firmware, Ryzen 5 5600g Firmware, Ryzen 5 5600ge Firmware, Ryzen 3 5300g Firmware, Ryzen 3 5300ge Firmware, Ryzen 9 5980hx Firmware, Ryzen 9 5980hs Firmware, Ryzen 7 5825u Firmware, Ryzen 9 5900hx Firmware, Ryzen 9 5900hs Firmware, Ryzen 7 5825c Firmware, Ryzen 7 5800h Firmware, Ryzen 5 5625u Firmware, Ryzen 7 5800hs Firmware, Ryzen 5 5625c Firmware, Ryzen 5 5600h Firmware, Ryzen 5 5600hs Firmware, Ryzen 7 5800u Firmware, Ryzen 5 5600u Firmware, Ryzen 5 5560u Firmware, Ryzen 3 5425u Firmware, Ryzen 3 5425c Firmware, Ryzen 3 5400u Firmware, Ryzen 3 5125c Firmware, Athlon Silver 3050u Firmware, Athlon Gold 3150u Firmware, Ryzen 3 3200u Firmware, Ryzen 3 3250u Firmware, Ryzen 3 3300u Firmware, Ryzen 3 3350u Firmware, Ryzen 3 3450u Firmware, Ryzen 3 3500u Firmware, Ryzen 3 3500c Firmware, Ryzen 3 3550h Firmware, Ryzen 3 3580u Firmware, Ryzen 3 3700u Firmware, Ryzen 3 3700c Firmware, Ryzen 3 3750h Firmware, Ryzen 3 3780u Firmware, Ryzen 3 2200u Firmware, Ryzen 3 2300u Firmware, Ryzen 5 2500u Firmware, Ryzen 5 2600 Firmware, Ryzen 5 2600h Firmware, Ryzen 5 2600x Firmware, Ryzen 5 2700 Firmware, Ryzen 5 2700x Firmware, Ryzen 7 2700 Firmware, Ryzen 7 2700u Firmware, Ryzen 7 2700x Firmware, Ryzen 7 2800h Firmware, Ryzen 3 3300x Firmware, Ryzen 5 3500 Firmware, Ryzen 5 3500x Firmware, Ryzen 5 3600 Firmware, Ryzen 5 3600x Firmware, Ryzen 5 3600xt Firmware, Ryzen 7 3700x Firmware, Ryzen 7 3800x Firmware, Ryzen 7 3800xt Firmware, Ryzen 9 3900 Firmware, Ryzen 9 3900x Firmware, Ryzen 9 3900xt Firmware, Ryzen 9 3950x Firmware, Ryzen 9 Pro 3900 Firmware, Ryzen Threadripper 2990wx Firmware, Ryzen Threadripper 2970wx Firmware, Ryzen Threadripper 2950x Firmware, Ryzen Threadripper 2920x Firmware, Ryzen Threadripper 3990x Firmware, Ryzen Threadripper 3970x Firmware, Ryzen Threadripper 3960x Firmware, Ryzen Threadripper Pro 3795wx Firmware, Ryzen Threadripper Pro 3945wx Firmware, Ryzen Threadripper Pro 3955wx Firmware, Ryzen Threadripper Pro 3975wx Firmware, Ryzen Threadripper Pro 3995wx Firmware, Ryzen Threadripper Pro 5945wx Firmware, Ryzen Threadripper Pro 5955wx Firmware, Ryzen Threadripper Pro 5965wx Firmware, Ryzen Threadripper Pro 5975wx Firmware, Ryzen Threadripper Pro 5995wx Firmware, Ryzen 7 4700g Firmware, Ryzen 7 4700ge Firmware, Ryzen 5 4600g Firmware, Ryzen 5 4600ge Firmware, Ryzen 3 4300g Firmware, Ryzen 3 4300ge Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5700g | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5700ge | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5600g | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5600ge | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 5300g | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 5300ge | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 5980hx | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 5980hs | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5825u | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 5900hx | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 5900hs | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5825c | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5800h | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5625u | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5800hs | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5625c | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5600h | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5600hs | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 5800u | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5600u | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 5560u | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 5425u | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 5425c | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 5400u | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before cezannepi-fp6_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 5125c | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Silver 3050u | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Athlon Gold 3150u | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3200u | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3250u | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3300u | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3350u | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3450u | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3500u | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3500c | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3550h | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3580u | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3700u | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3700c | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3750h | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3780u | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 2200u | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 2300u | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 2500u | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 2600 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 2600h | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 2600x | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 2700 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 2700x | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 2700 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 2700u | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 2700x | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 2800h | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 3300x | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3500 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3500x | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3600 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3600x | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 3600xt | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 3700x | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 3800x | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 3800xt | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 3900 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 3900x | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 3900xt | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 3950x | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before comboam4_v2_pi_1.2.0.6c |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 9 Pro 3900 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before summitpi-sp3r2_1.1.0.5 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 2990wx | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before summitpi-sp3r2_1.1.0.5 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 2970wx | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before summitpi-sp3r2_1.1.0.5 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 2950x | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before summitpi-sp3r2_1.1.0.5 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 2920x | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakpi-sp3r3_1.0.0.6 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 3990x | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakpi-sp3r3_1.0.0.6 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 3970x | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakpi-sp3r3_1.0.0.6 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper 3960x | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 3795wx | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 3945wx | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 3955wx | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 3975wx | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 3995wx | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 5945wx | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 5955wx | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 5965wx | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 5975wx | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before castlepeakwspi-swrx8_1.0.0.9 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen Threadripper Pro 5995wx | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before renoirpi-fp6_1.0.0.7 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 4700g | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before renoirpi-fp6_1.0.0.7 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 7 4700ge | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before renoirpi-fp6_1.0.0.7 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 4600g | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before renoirpi-fp6_1.0.0.7 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 5 4600ge | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before renoirpi-fp6_1.0.0.7 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 4300g | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before renoirpi-fp6_1.0.0.7 |
| Running on/with | Platform Versions |
|---|---|
Amd Ryzen 3 4300ge | All versions |
References (2)
Source: psirt@amd.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.