Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amdAmd.comAMD-SB-7011
HistoryNov 14, 2023 - 12:00 a.m.

AMD SMM Supervisor Vulnerability Security Notice

2023-11-1400:00:00
amd.com
www.amd.com
15
amd
vulnerability
smm supervisor
confidentiality
integrity
availability
security notice
smep
umip
oem
bios update
ryzen™
radeon™ graphics
cezanne
raphael
rembrandt
phoenix
embedded
v3000.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON

Bulletin ID: AMD-SB-7011 **Potential Impact:**Loss of confidentiality, integrity, and availability **Severity:**High

Summary

External researchers reported a potential vulnerability during SMM Supervisor initialization which may impact some AMD processors.

On systems that do not have Supervisor Mode Execution Prevention (SMEP) and Unprivileged Mode Instruction Prevention (UMIP) enabled, an attacker with a compromised SMI handler may be able to gain Ring0 access due to improper input validation in the SMM supervisor which may lead to loss of confidentiality, integrity, and availability.

CVE Details

Refer to Glossary for explanation of terms

CVE ID Severity CVE Description
CVE-2023-20596 High Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.

Affected Products

N/A

Mitigation

AMD has released to the Original Equipment Manufacturers (OEM) the Platform Initialization (PI) firmware versions on the dates listed below. Please refer to your OEM for the BIOS update specific to your product.

Desktop

CVE ID AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed“ Cezanne” AM4 AMD Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” AMD Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3D
CVE-2023-20596 ComboAM4v2 1.2.0.B
(2023-08-25) ComboAM5PI 1.0.8.0
(2023-08-29) ComboAM5PI 1.0.8.0
(2023-08-29)

Mobile - AMD Ryzen™ Series

CVE ID AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Cezanne” AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Formerly “Rembrandt“ AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Formerly codenamed “Rembrandt R” AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”
CVE-2023-20596 CezannePI-FP6 1.0.0.fa
(2023-08-22) RembrandtPI-FP7 1.0.0.9b
(2023-09-13) RembrandtPI-FP7 1.0.0.9b
(2023-09-13) PhoenixPI-FP8-FP7 1.0.0.2
(2023-08-02)

Embedded

CVE ID AMD RyzenTM Embedded****V3000
CVE-2023-20596 EmbeddedPI-FP7r2 1.0.0.8
(2024-01-15)

Related

nvd 1
cvelist 1
hp 1
cve 1
prion 1
nvd
nvd
CVE-2023-20596
2023-11-14 19:15:16
cvelist
cvelist
CVE-2023-20596
2023-11-14 18:55:14
hp
hp
AMD SMM Supervisor November 2023 Security Update
2023-12-07 00:00:00
cve
cve
CVE-2023-20596
2023-11-14 19:15:16
prion
prion
Input validation
2023-11-14 19:15:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.0%

JSON
Related for AMD-SB-7011
nvd1cvelist1hp1cve1prion1