Lucene search

K
cve[email protected]CVE-2023-20571
HistoryNov 14, 2023 - 7:15 p.m.

CVE-2023-20571

2023-11-1419:15:15
CWE-362
web.nvd.nist.gov
27
vulnerability
smm
code
privilege escalation
cve-2023-20571
nvd

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Affected configurations

NVD
Node
amdryzen_3_5100_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_3_5100Match-
Node
amdryzen_3_5300g_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_3_5300gMatch-
Node
amdryzen_3_5300ge_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_3_5300geMatch-
Node
amdryzen_5_5500_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_5_5500Match-
Node
amdryzen_5_5600g_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_5_5600gMatch-
Node
amdryzen_5_5600ge_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_5_5600geMatch-
Node
amdryzen_7_5700_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_7_5700Match-
Node
amdryzen_7_5700g_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_7_5700gMatch-
Node
amdryzen_7_5700ge_firmwareRange<comboam4v2_1.2.0.b
AND
amdryzen_7_5700geMatch-
Node
amdryzen_5_7500f_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_5_7500fMatch-
Node
amdryzen_5_7600_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_5_7600Match-
Node
amdryzen_5_7600x_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_5_7600xMatch-
Node
amdryzen_7_7700_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_7_7700Match-
Node
amdryzen_7_7700x_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_7_7700xMatch-
Node
amdryzen_7_7800x3d_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_7_7800x3dMatch-
Node
amdryzen_9_7900_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_9_7900Match-
Node
amdryzen_9_7900x_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_9_7900xMatch-
Node
amdryzen_9_7900x3d_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_9_7900x3dMatch-
Node
amdryzen_9_7950x_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_9_7950xMatch-
Node
amdryzen_9_7950x3d_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_9_7950x3dMatch-
Node
amdryzen_pro_3900_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_pro_3900Match-
Node
amdryzen_pro_7645_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_pro_7645Match-
Node
amdryzen_pro_7745_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_pro_7745Match-
Node
amdryzen_pro_7945_firmwareRange<comboam5_1.0.7.0
AND
amdryzen_pro_7945Match-
Node
amdryzen_3_5125c_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_3_5125cMatch-
Node
amdryzen_3_5400u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_3_5400uMatch-
Node
amdryzen_3_5425u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_3_5425uMatch-
Node
amdryzen_5_5500h_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_5500hMatch-
Node
amdryzen_5_5560u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_5560uMatch-
Node
amdryzen_5_5600h_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_5600hMatch-
Node
amdryzen_5_5600hs_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_5600hsMatch-
Node
amdryzen_5_5600u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_5600uMatch-
Node
amdryzen_5_5625u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_5625uMatch-
Node
amdryzen_7_5800h_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_7_5800hMatch-
Node
amdryzen_7_5800hs_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_7_5800hsMatch-
Node
amdryzen_7_5800u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_7_5800uMatch-
Node
amdryzen_7_5825u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_7_5825uMatch-
Node
amdryzen_9_5900hs_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_9_5900hsMatch-
Node
amdryzen_9_5900hx_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_9_5900hxMatch-
Node
amdryzen_9_5980hs_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_9_5980hsMatch-
Node
amdryzen_9_5980hx_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_9_5980hxMatch-
Node
amdryzen_9_6980hx_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_9_6980hxMatch-
Node
amdryzen_9_6980hs_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_9_6980hsMatch-
Node
amdryzen_9_6900hx_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_9_6900hxMatch-
Node
amdryzen_9_6900hs_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_9_6900hsMatch-
Node
amdryzen_7_6800h_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_7_6800hMatch-
Node
amdryzen_7_6800hs_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_7_6800hsMatch-
Node
amdryzen_7_6800u_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_7_6800uMatch-
Node
amdryzen_5_6600h_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_5_6600hMatch-
Node
amdryzen_5_6600hs_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_5_6600hsMatch-
Node
amdryzen_5_6600u_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_5_6600uMatch-
Node
amdryzen_7_7735hs_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_7_7735hsMatch-
Node
amdryzen_7_7736u_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_7_7736uMatch-
Node
amdryzen_7_7735u_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_7_7735uMatch-
Node
amdryzen_5_7535hs_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_5_7535hsMatch-
Node
amdryzen_5_7535u_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_5_7535uMatch-
Node
amdryzen_3_7335u_firmwareRange<rembrandtpi-fp7_1.0.0.9
AND
amdryzen_3_7335uMatch-
Node
amdryzen_7_pro_7730u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_7_pro_7730uMatch-
Node
amdryzen_9_pro_7940hs_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_9_pro_7940hsMatch-
Node
amdryzen_9_pro_7940h_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_9_pro_7940hMatch-
Node
amdryzen_7_pro_7840hs_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_7_pro_7840hsMatch-
Node
amdryzen_7_pro_7840h_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_7_pro_7840hMatch-
Node
amdryzen_7_pro_7840u_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_7_pro_7840uMatch-
Node
amdryzen_5_pro_7640hs_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_5_pro_7640hsMatch-
Node
amdryzen_5_pro_7640h_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_5_pro_7640hMatch-
Node
amdryzen_5_pro_7640u_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_5_pro_7640uMatch-
Node
amdryzen_5_pro_7545u_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_5_pro_7545uMatch-
Node
amdryzen_5_pro_7540u_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_5_pro_7540uMatch-
Node
amdryzen_3_pro_7440u_firmwareRange<phoenixpi-fp8-fp7_pi_1.0.0.1g
AND
amdryzen_3_pro_7440uMatch-
Node
amdryzen_5_pro_7530u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_5_pro_7530uMatch-
Node
amdryzen_3_pro_7330u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_3_pro_7330uMatch-
Node
amdryzen_7_pro_7730u_firmwareRange<cezannepi-fp6_1.0.0.f
AND
amdryzen_7_pro_7730uMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics  “Cezanne”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 7000 Series Desktop Processors “Raphael” XD3",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics \"Rembrandt\"",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics  “Barcelo”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": " Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics “Phoenix” FP7/FP7r2/FP8",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%