CVE-2023-20565

HIGH | CVSS 7.8/10 | EPSS 0.20%

CVE-2023-20565 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.20%

10.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Amd | Ryzen 3 5100 Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 3 5300g Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 3 5300ge Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 5 5500 Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 5 5600g Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 5 5600ge Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 7 5700 Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 7 5700g Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 7 5700ge Firmware | < comboam4v2_1.2.0.b
Amd | Ryzen 5 7500f Firmware | < comboam5_1.0.7.0
Amd | Ryzen 5 7600 Firmware | < comboam5_1.0.7.0
Amd | Ryzen 5 7600x Firmware | < comboam5_1.0.7.0
Amd | Ryzen 7 7700 Firmware | < comboam5_1.0.7.0
Amd | Ryzen 7 7700x Firmware | < comboam5_1.0.7.0
Amd | Ryzen 7 7800x3d Firmware | < comboam5_1.0.7.0
Amd | Ryzen 9 7900 Firmware | < comboam5_1.0.7.0
Amd | Ryzen 9 7900x Firmware | < comboam5_1.0.7.0
Amd | Ryzen 9 7900x3d Firmware | < comboam5_1.0.7.0
Amd | Ryzen 9 7950x Firmware | < comboam5_1.0.7.0
Amd | Ryzen 9 7950x3d Firmware | < comboam5_1.0.7.0
Amd | Ryzen Pro 3900 Firmware | < comboam5_1.0.7.0
Amd | Ryzen Pro 7645 Firmware | < comboam5_1.0.7.0
Amd | Ryzen Pro 7745 Firmware | < comboam5_1.0.7.0
Amd | Ryzen Pro 7945 Firmware | < comboam5_1.0.7.0
Amd | Ryzen 3 5125c Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 3 5400u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 3 5425u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 5 5500h Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 5 5560u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 5 5600h Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 5 5600hs Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 5 5600u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 5 5625u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 7 5800h Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 7 5800hs Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 7 5800u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 7 5825u Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 9 5900hs Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 9 5900hx Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 9 5980hs Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 9 5980hx Firmware | < cezannepi-fp6_1.0.0.f
Amd | Ryzen 9 6980hx Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 9 6980hs Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 9 6900hx Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 9 6900hs Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 7 6800h Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 7 6800hs Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 7 6800u Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 5 6600h Firmware | < rembrandtpi-fp7_1.0.0.9
Amd | Ryzen 5 6600hs Firmware | < rembrandtpi-fp7_1.0.0.9

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2023-20565?
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
How severe is CVE-2023-20565?
CVE-2023-20565 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2023-20565?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST