Vulnerability Description
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer, potentially resulting in arbitrary code execution.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| AMD | EPYC 8024PN Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8024PN | - |
| AMD | EPYC 8024P Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8024P | - |
| AMD | EPYC 8124PN Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8124PN | - |
| AMD | EPYC 8124P Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8124P | - |
| AMD | EPYC 8224PN Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8224PN | - |
| AMD | EPYC 8224P Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8224P | - |
| AMD | EPYC 8324PN Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8324PN | - |
| AMD | EPYC 8324P Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8324P | - |
| AMD | EPYC 8434PN Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8434PN | - |
| AMD | EPYC 8434P Firmware | < genoapi_1.0.0.2 |
| AMD | EPYC 8434P | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2023-20578?
CVE-2023-20578 is a vulnerability with a CVSS score of 7.5 (HIGH). A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary...
How severe is CVE-2023-20578?
CVE-2023-20578 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-20578?
Check the references section above for vendor advisories and patch information. Affected products include: AMD EPYC 8024PN Firmware, AMD EPYC 8024PN, AMD EPYC 8024P Firmware, AMD EPYC 8024P, AMD EPYC 8124PN Firmware.