CVE-2023-20577

2024-02-1502:22:01

redhat.com

access.redhat.com

amd

hardware

vulnerability

smm module

heap overflow

unauthenticated attacker

spi flash

arbitrary code

8 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

A vulnerability was found in AMD hardware due to a heap overflow in the SMM module. This issue could allow a local unauthenticated attacker to enable writing to SPI flash to execute arbitrary code.

References

bugzilla.redhat.com/show_bug.cgi?id=2263392

nvd.nist.gov/vuln/detail/CVE-2023-20577

www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html

www.cve.org/CVERecord?id=CVE-2023-20577