Strix
26.1K

CVE-2023-20571

HIGHCVSS 8.1/10EPSS 0.45%

Last modified

CVE-2023-20571 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. . EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.

Metrics

CVSS 3.1
8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.45%

35.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AmdRyzen 3 5100 Firmware< comboam4v2_1.2.0.b
AmdRyzen 3 5300g Firmware< comboam4v2_1.2.0.b
AmdRyzen 3 5300ge Firmware< comboam4v2_1.2.0.b
AmdRyzen 5 5500 Firmware< comboam4v2_1.2.0.b
AmdRyzen 5 5600g Firmware< comboam4v2_1.2.0.b
AmdRyzen 5 5600ge Firmware< comboam4v2_1.2.0.b
AmdRyzen 7 5700 Firmware< comboam4v2_1.2.0.b
AmdRyzen 7 5700g Firmware< comboam4v2_1.2.0.b
AmdRyzen 7 5700ge Firmware< comboam4v2_1.2.0.b
AmdRyzen 5 7500f Firmware< comboam5_1.0.7.0
AmdRyzen 5 7600 Firmware< comboam5_1.0.7.0
AmdRyzen 5 7600x Firmware< comboam5_1.0.7.0
AmdRyzen 7 7700 Firmware< comboam5_1.0.7.0
AmdRyzen 7 7700x Firmware< comboam5_1.0.7.0
AmdRyzen 7 7800x3d Firmware< comboam5_1.0.7.0
AmdRyzen 9 7900 Firmware< comboam5_1.0.7.0
AmdRyzen 9 7900x Firmware< comboam5_1.0.7.0
AmdRyzen 9 7900x3d Firmware< comboam5_1.0.7.0
AmdRyzen 9 7950x Firmware< comboam5_1.0.7.0
AmdRyzen 9 7950x3d Firmware< comboam5_1.0.7.0
AmdRyzen Pro 3900 Firmware< comboam5_1.0.7.0
AmdRyzen Pro 7645 Firmware< comboam5_1.0.7.0
AmdRyzen Pro 7745 Firmware< comboam5_1.0.7.0
AmdRyzen Pro 7945 Firmware< comboam5_1.0.7.0
AmdRyzen 3 5125c Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 3 5400u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 3 5425u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 5 5500h Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 5 5560u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 5 5600h Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 5 5600hs Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 5 5600u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 5 5625u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 7 5800h Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 7 5800hs Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 7 5800u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 7 5825u Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 9 5900hs Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 9 5900hx Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 9 5980hs Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 9 5980hx Firmware< cezannepi-fp6_1.0.0.f
AmdRyzen 9 6980hx Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 9 6980hs Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 9 6900hx Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 9 6900hs Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 7 6800h Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 7 6800hs Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 7 6800u Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 5 6600h Firmware< rembrandtpi-fp7_1.0.0.9
AmdRyzen 5 6600hs Firmware< rembrandtpi-fp7_1.0.0.9

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-20571?
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
How severe is CVE-2023-20571?
CVE-2023-20571 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.
How do I fix CVE-2023-20571?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-20571?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST