CVE-2023-20576

2024-02-1505:02:13

redhat.com

access.redhat.com

amd

hardware

agesa

vulnerability

data authenticity

denial of service

privilege escalation

7.2 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

A vulnerability was found in AMD hardware due to insufficient verification of data authenticity in AGESA. This issue may allow a local unauthenticated attacker to update SPI ROM data, potentially resulting in denial of service or privilege escalation.

References

bugzilla.redhat.com/show_bug.cgi?id=2263271

nvd.nist.gov/vuln/detail/CVE-2023-20576

www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html

www.cve.org/CVERecord?id=CVE-2023-20576