CVE-2023-20555
CVE-2023-20555
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
08 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insufficient input validation in
CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting
an arbitrary bit in an attacker-controlled pointer potentially leading to
arbitrary code execution in SMM.
Affected products
AMD · Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso”AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD · Ryzen™ 3000 Series Desktop Processors “Matisse” AM4AMD · Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso”AMD · Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5AMD · Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6AMD · Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4AMD · Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD · Ryzen™ 6000 Series Mobile Processors "Rembrandt"AMD · Ryzen™ 7000 Series Processors “Raphael”AMD · Ryzen™ 7020 Series Mobile Processors “Mendocino”AMD · Ryzen™ 7030 Series Mobile Processors “Barcelo”Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →