CVE-2023-20533

CVSS 6.1 MEDIUMEPSS 0.5%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

14 Nov 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H

Affected products

AMD · 2nd Gen AMD EPYC™ Processors AMD · 3rd Gen AMD EPYC™ Processors AMD · AMD EPYC™ Embedded 7002 AMD · AMD EPYC™ Embedded 7002 AMD · AMD EPYC™ Embedded 7003 AMD · AMD EPYC™ Embedded 7003 AMD · AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD · AMD Ryzen™ Embedded 5000 AMD · AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT AMD · AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS AMD · AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 AMD · Ryzen™ 3000 series Desktop Processors “Matisse"

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001