Metric | Value |
---|---|
CVSS3 | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score | 9.9 High (Confidence: High) |
EPSS | 0.001 Low (Percentile: 49.0%) |

**Bulletin ID:** AMD-SB-7011

**Potential Impact:** Loss of confidentiality, integrity, and availability

**Severity:** High

External researchers reported a potential vulnerability during SMM Supervisor initialization which may impact some AMD processors.
On systems that do not have Supervisor Mode Execution Prevention (SMEP) and Unprivileged Mode Instruction Prevention (UMIP) enabled, an attacker with a compromised SMI handler may be able to gain Ring0 access due to improper input validation in the SMM Supervisor, which may lead to loss of confidentiality, integrity, and availability.
Refer to Glossary for explanation of terms
CVE ID | Severity | CVE Description |
---|---|---|
CVE-2023-20596 | High | Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. |
N/A
AMD has released to the Original Equipment Manufacturers (OEM) the Platform Initialization (PI) firmware versions on the dates listed below. Please refer to your OEM for the BIOS update specific to your product.
CVE ID | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4 | AMD Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” | AMD Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D |
---|---|---|---|
CVE-2023-20596 | ComboAM4v2 1.2.0.B (2023-08-25) | ComboAM5PI 1.0.8.0 (2023-08-29) | ComboAM5PI 1.0.8.0 (2023-08-29) |

CVE ID | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Cezanne” | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Formerly “Rembrandt” | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Formerly codenamed “Rembrandt R” | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix” |
---|---|---|---|---|
CVE-2023-20596 | CezannePI-FP6 1.0.0.fa (2023-08-22) | RembrandtPI-FP7 1.0.0.9b (2023-09-13) | RembrandtPI-FP7 1.0.0.9b (2023-09-13) | PhoenixPI-FP8-FP7 1.0.0.2 (2023-08-02) |

CVE ID | AMD Ryzen™ Embedded V3000 |
---|---|
CVE-2023-20596 | EmbeddedPI-FP7r2 1.0.0.8 (2024-01-15) |