Lucene search

[email protected]CVE-2023-20530

HistoryJan 11, 2023 - 8:15 a.m.

CVE-2023-20530

2023-01-1108:15:13

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-20530

insufficient input validation

bios

smu

out-of-bounds memory reads

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

Affected configurations

NVD

Node

amdepyc_7003_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7003Match-

Node

amdepyc_72f3_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_72f3Match-

Node

amdepyc_7313_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7313Match-

Node

amdepyc_7313p_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7313pMatch-

Node

amdepyc_7343_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7343Match-

Node

amdepyc_7373x_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7373xMatch-

Node

amdepyc_73f3_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_73f3Match-

Node

amdepyc_7413_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7413Match-

Node

amdepyc_7443_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7443Match-

Node

amdepyc_7443p_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7443pMatch-

Node

amdepyc_7453_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7453Match-

Node

amdepyc_74f3_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_74f3Match-

Node

amdepyc_7513_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7513Match-

Node

amdepyc_7543_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7543Match-

Node

amdepyc_7543p_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7543pMatch-

Node

amdepyc_7573x_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7573xMatch-

Node

amdepyc_75f3_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_75f3Match-

Node

amdepyc_7643_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7643Match-

Node

amdepyc_7663_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7663Match-

Node

amdepyc_7713_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7713Match-

Node

amdepyc_7713p_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7713pMatch-

Node

amdepyc_7743_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7743Match-

Node

amdepyc_7763_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7763Match-

Node

amdepyc_7773x_firmwareRange<milanpi_1.0.0.5

AND

amdepyc_7773xMatch-

CPENameOperatorVersion
amd:epyc_7003_firmwareamd epyc 7003 firmwareltmilanpi_1.0.0.5

CPE	Name	Operator	Version
amd:epyc_7003_firmware	amd epyc 7003 firmware	lt	milanpi_1.0.0.5

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "3rd Gen EPYC",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVE-2023-20530

nvd1 prion1 cvelist1 amd1