Strix
26.1K

CVE-2023-20558

HIGHCVSS 8.8/10EPSS 0.67%

Last modified

CVE-2023-20558 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. . EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.67%

47.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AmdRyzen 7 5700g Firmware< comboam4_v2_pi_1.2.0.6c
AmdRyzen 7 5700ge Firmware< comboam4_v2_pi_1.2.0.6c
AmdRyzen 5 5600g Firmware< comboam4_v2_pi_1.2.0.6c
AmdRyzen 5 5600ge Firmware< comboam4_v2_pi_1.2.0.6c
AmdRyzen 3 5300g Firmware< comboam4_v2_pi_1.2.0.6c
AmdRyzen 3 5300ge Firmware< comboam4_v2_pi_1.2.0.6c
AmdRyzen 9 5980hx Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 9 5980hs Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 7 5825u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 9 5900hx Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 9 5900hs Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 7 5825c Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 7 5800h Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 5 5625u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 7 5800hs Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 5 5625c Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 5 5600h Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 5 5600hs Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 7 5800u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 5 5600u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 5 5560u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 3 5425u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 3 5425c Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 3 5400u Firmware< cezannepi-fp6_1.0.0.9
AmdRyzen 3 5125c Firmware< cezannepi-fp6_1.0.0.9
AmdAthlon Silver 3050u FirmwareAll versions
AmdAthlon Gold 3150u FirmwareAll versions
AmdRyzen 3 3200u FirmwareAll versions
AmdRyzen 3 3250u FirmwareAll versions
AmdRyzen 3 3300u FirmwareAll versions
AmdRyzen 3 3350u FirmwareAll versions
AmdRyzen 3 3450u FirmwareAll versions
AmdRyzen 3 3500u FirmwareAll versions
AmdRyzen 3 3500c FirmwareAll versions
AmdRyzen 3 3550h FirmwareAll versions
AmdRyzen 3 3580u FirmwareAll versions
AmdRyzen 3 3700u FirmwareAll versions
AmdRyzen 3 3700c FirmwareAll versions
AmdRyzen 3 3750h FirmwareAll versions
AmdRyzen 3 3780u FirmwareAll versions
AmdRyzen 3 2200u Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 3 2300u Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 5 2500u Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 5 2600 Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 5 2600h Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 5 2600x Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 5 2700 Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 5 2700x Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 7 2700 Firmware< comboam4v2_pi_1.2.0.6c
AmdRyzen 7 2700u Firmware< comboam4v2_pi_1.2.0.6c

Showing 50 of 89 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-20558?
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
How severe is CVE-2023-20558?
CVE-2023-20558 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.
How do I fix CVE-2023-20558?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-20558?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST