1. Home
  2. CVE Database
  3. CVE-2023-20533
MEDIUM · 6.1

CVE-2023-20533

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

Vulnerability Description

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
HIGH

Affected Products

VendorProductVersions
AmdEpyc 7232P Firmware< romepi_1.0.0.d
AmdEpyc 7232P-
AmdEpyc 7252 Firmware< romepi_1.0.0.d
AmdEpyc 7252-
AmdEpyc 7262 Firmware< romepi_1.0.0.d
AmdEpyc 7262-
AmdEpyc 7272 Firmware< romepi_1.0.0.d
AmdEpyc 7272-
AmdEpyc 7282 Firmware< romepi_1.0.0.d
AmdEpyc 7282-
AmdEpyc 7302 Firmware< romepi_1.0.0.d
AmdEpyc 7302-
AmdEpyc 7302P Firmware< romepi_1.0.0.d
AmdEpyc 7302P-
AmdEpyc 7352 Firmware< romepi_1.0.0.d
AmdEpyc 7352-
AmdEpyc 7402 Firmware< romepi_1.0.0.d
AmdEpyc 7402-
AmdEpyc 7402P Firmware< romepi_1.0.0.d
AmdEpyc 7402P-

References

FAQ

What is CVE-2023-20533?

CVE-2023-20533 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.

How severe is CVE-2023-20533?

CVE-2023-20533 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20533?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7232P Firmware, Amd Epyc 7232P, Amd Epyc 7252 Firmware, Amd Epyc 7252, Amd Epyc 7262 Firmware.