Vulnerability Description
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Ryzen 3 5100 Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 3 5100 | - |
| Amd | Ryzen 3 5300G Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 3 5300G | - |
| Amd | Ryzen 3 5300Ge Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 3 5300Ge | - |
| Amd | Ryzen 5 5500 Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 5 5500 | - |
| Amd | Ryzen 5 5600G Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 5 5600G | - |
| Amd | Ryzen 5 5600Ge Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 5 5600Ge | - |
| Amd | Ryzen 7 5700 Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 7 5700 | - |
| Amd | Ryzen 7 5700G Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 7 5700G | - |
| Amd | Ryzen 7 5700Ge Firmware | < comboam4v2_1.2.0.b |
| Amd | Ryzen 7 5700Ge | - |
| Amd | Ryzen 5 7500F Firmware | < comboam5_1.0.7.0 |
| Amd | Ryzen 5 7500F | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory
FAQ
What is CVE-2023-20571?
CVE-2023-20571 is a vulnerability with a CVSS score of 8.1 (HIGH). A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
How severe is CVE-2023-20571?
CVE-2023-20571 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20571?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 3 5100 Firmware, Amd Ryzen 3 5100, Amd Ryzen 3 5300G Firmware, Amd Ryzen 3 5300G, Amd Ryzen 3 5300Ge Firmware.