CVE-2023-20579

Name: CVE-2023-20579
Creator: NVD / NIST
Published: 2024-02-13T20:15:52.577+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6/10EPSS 0.16%

Last modified Jun 17, 2026

CVE-2023-20579 is a medium-severity vulnerability rated 6/10 on the CVSS scale. Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability. . EPSS estimates a 0.16% chance of exploitation in the next 30 days.

Description

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Metrics

CVSS 3.1

6/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS Probability

0.16%

5.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions
Amd	Ryzen 7 5700g Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 7 5700ge Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 5600g Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 5600gt Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 5600ge Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 5500gt Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 3 5300g Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 3 5300ge Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 7500f Firmware	< comboam5_1.0.8.0
Amd	Ryzen 5 Pro 7645 Firmware	< comboam5_1.0.8.0
Amd	Ryzen 5 7600x Firmware	< comboam5_1.0.8.0
Amd	Ryzen 5 7600 Firmware	< comboam5_1.0.8.0
Amd	Ryzen 5 7600x3d Firmware	< comboam5_1.0.8.0
Amd	Ryzen 7 Pro 7745 Firmware	< comboam5_1.0.8.0
Amd	Ryzen 7 7700 Firmware	< comboam5_1.0.8.0
Amd	Ryzen 7 7700x Firmware	< comboam5_1.0.8.0
Amd	Ryzen 7 7800x3d Firmware	< comboam5_1.0.8.0
Amd	Ryzen 9 Pro 7945 Firmware	< comboam5_1.0.8.0
Amd	Ryzen 9 7900 Firmware	< comboam5_1.0.8.0
Amd	Ryzen 9 7900x Firmware	<= comboam5_1.0.8.0
Amd	Ryzen 9 7900x3d Firmware	< comboam5_1.0.8.0
Amd	Ryzen 9 7950x Firmware	< comboam5_1.0.8.0
Amd	Ryzen 9 7950x3d Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper 7960x Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper 7970x Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper 7980x Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper Pro 7945wx Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper Pro 7955wx Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper Pro 7965wx Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper Pro 7975wx Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper Pro 7985wx Firmware	< comboam5_1.0.8.0
Amd	Ryzen Threadripper Pro 7995wx Firmware	<= comboam5_1.0.8.0
Amd	Ryzen 7 4700g Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 7 4700ge Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 4600g Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 5 4600ge Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 3 4300g Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 3 4300ge Firmware	< comboam4v2pi_1.2.0.c
Amd	Ryzen 9 4900h Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 7 4800u Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 7 4700u Firmware	<= renoirpi-fp6_1.0.0.d
Amd	Ryzen 7 4800h Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 5 4600u Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 5 4500u Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 5 4600h Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 3 4300u Firmware	< renoirpi-fp6_1.0.0.d
Amd	Ryzen 9 5980hx Firmware	< cezannepi-fp6_1.0.1.0
Amd	Ryzen 9 5980hs Firmware	< cezannepi-fp6_1.0.1.0
Amd	Ryzen 7 5825u Firmware	< cezannepi-fp6_1.0.1.0
Amd	Ryzen 9 5900hx Firmware	< cezannepi-fp6_1.0.1.0

Showing 50 of 129 affected configurations. See NVD for the full list.

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009Vendor Advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009Vendor Advisory

Timeline

Published: Feb 13, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-20579?

How severe is CVE-2023-20579?

CVE-2023-20579 has a CVSS score of 6/10 (MEDIUM severity). The EPSS model estimates a 0.16% probability of exploitation in the next 30 days.

How do I fix CVE-2023-20579?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-20579?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST