CVE-2023-20597

CVE-2023-20597

EPSS 0.2%CWE-824

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 set 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Produtos afetados

AMD · AMD EPYC™ Embedded 7003 AMD · AMD Ryzen™ Embedded 5000 AMD · AMD Ryzen™ Embedded V2000 AMD · AMD Ryzen™ Embedded V3000 AMD · Ryzen™ 3000 Series Desktop Processors “Matisse”AMD · Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD · Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo"AMD · Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt"AMD · Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD · Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R"AMD · Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT AMD · Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 AMD · Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007