CVE-2023-20587

2024-02-1319:31:22

AMD

www.cve.org

cve-2023-20587

access control

smm

spi flash

arbitrary code execution

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper
Access Control in System Management Mode (SMM) may allow an attacker access to
the SPI flash potentially leading to arbitrary code execution.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "3rd Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "4th Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "PI",
    "product": "1st Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "2nd Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "x86"
    ],
    "product": "AMD EPYC(TM) Embedded 3000 ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "x86"
    ],
    "product": "AMD EPYC(TM) Embedded 7002 ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC(TM) Embedded 7003",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "x86"
    ],
    "product": "AMD EPYC(TM) Embedded 9003",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009