CVE-2023-20578

MEDIUM EPSS 1.9%
Published Aug 13, 2024 1y ago · Modified Jun 17, 2026 2w ago
6.4 CVSS 3.1
Medium

Description

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

CVSS Details

Base Score 6.4
Exploitability 0.5
Impact 5.9
Vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-367

Affected Products 210

Vendor Product Version Range
amd epyc_8024pn_firmware * <genoapi_1.0.0.2
amd epyc_8024pn * any
amd epyc_8024p_firmware * <genoapi_1.0.0.2
amd epyc_8024p * any
amd epyc_8124pn_firmware * <genoapi_1.0.0.2
amd epyc_8124pn * any
amd epyc_8124p_firmware * <genoapi_1.0.0.2
amd epyc_8124p * any
amd epyc_8224pn_firmware * <genoapi_1.0.0.2
amd epyc_8224pn * any
amd epyc_8224p_firmware * <genoapi_1.0.0.2
amd epyc_8224p * any
amd epyc_8324pn_firmware * <genoapi_1.0.0.2
amd epyc_8324pn * any
amd epyc_8324p_firmware * <genoapi_1.0.0.2
amd epyc_8324p * any
amd epyc_8434pn_firmware * <genoapi_1.0.0.2
amd epyc_8434pn * any
amd epyc_8434p_firmware * <genoapi_1.0.0.2
amd epyc_8434p * any
amd epyc_8534pn_firmware * <genoapi_1.0.0.2
amd epyc_8534pn * any
amd epyc_8534p_firmware * <genoapi_1.0.0.2
amd epyc_8534p * any
amd epyc_9734_firmware * <genoapi_1.0.0.2
amd epyc_9734 * any
amd epyc_9754s_firmware * <genoapi_1.0.0.2
amd epyc_9754s * any
amd epyc_9754_firmware * <genoapi_1.0.0.2
amd epyc_9754 * any
amd epyc_9184x_firmware * <genoapi_1.0.0.2
amd epyc_9184x * any
amd epyc_9384x_firmware * <genoapi_1.0.0.2
amd epyc_9384x * any
amd epyc_9684x_firmware * <genoapi_1.0.0.2
amd epyc_9684x * any
amd epyc_9124_firmware * <genoapi_1.0.0.2
amd epyc_9124 * any
amd epyc_9174f_firmware * <genoapi_1.0.0.2
amd epyc_9174f * any
amd epyc_9224_firmware * <genoapi_1.0.0.2
amd epyc_9224 * any
amd epyc_9254_firmware * <genoapi_1.0.0.2
amd epyc_9254 * any
amd epyc_9274f_firmware * <genoapi_1.0.0.2
amd epyc_9274f * any
amd epyc_9334_firmware * <genoapi_1.0.0.2
amd epyc_9334 * any
amd epyc_9354_firmware * <genoapi_1.0.0.2
amd epyc_9354 * any
amd epyc_9354p_firmware * <genoapi_1.0.0.2
amd epyc_9354p * any
amd epyc_9374f_firmware * <genoapi_1.0.0.2
amd epyc_9374f * any
amd epyc_9454_firmware * <genoapi_1.0.0.2
amd epyc_9454 * any
amd epyc_9454p_firmware * <genoapi_1.0.0.2
amd epyc_9454p * any
amd epyc_9474f_firmware * <genoapi_1.0.0.2
amd epyc_9474f * any
amd epyc_9534_firmware * <genoapi_1.0.0.2
amd epyc_9534 * any
amd epyc_9554_firmware * <genoapi_1.0.0.2
amd epyc_9554 * any
amd epyc_9554p_firmware * <genoapi_1.0.0.2
amd epyc_9554p * any
amd epyc_9634_firmware * <genoapi_1.0.0.2
amd epyc_9634 * any
amd epyc_9654_firmware * <genoapi_1.0.0.2
amd epyc_9654 * any
amd epyc_9654p_firmware * <genoapi_1.0.0.2
amd epyc_9654p * any
amd epyc_7203_firmware * <milanpi_1.0.0.5
amd epyc_7203 * any
amd epyc_7203p_firmware * <milanpi_1.0.0.5
amd epyc_7203p * any
amd epyc_72f3_firmware * <milanpi_1.0.0.5
amd epyc_72f3 * any
amd epyc_7303_firmware * <milanpi_1.0.0.5
amd epyc_7303 * any
amd epyc_7303p_firmware * <milanpi_1.0.0.5
amd epyc_7303p * any
amd epyc_7313_firmware * <milanpi_1.0.0.5
amd epyc_7313 * any
amd epyc_7313p_firmware * <milanpi_1.0.0.5
amd epyc_7313p * any
amd epyc_7343_firmware * <milanpi_1.0.0.5
amd epyc_7343 * any
amd epyc_73f3_firmware * <milanpi_1.0.0.5
amd epyc_73f3 * any
amd epyc_7373x_firmware * <milanpi_1.0.0.5
amd epyc_7373x * any
amd epyc_7413_firmware * <milanpi_1.0.0.5
amd epyc_7413 * any
amd epyc_7443_firmware * <milanpi_1.0.0.5
amd epyc_7443 * any
amd epyc_7443p_firmware * <milanpi_1.0.0.5
amd epyc_7443p * any
amd epyc_74f3_firmware * <milanpi_1.0.0.5
amd epyc_74f3 * any
amd epyc_7453_firmware * <milanpi_1.0.0.5
amd epyc_7453 * any
amd epyc_7473x_firmware * <milanpi_1.0.0.5
amd epyc_7473x * any
amd epyc_7513_firmware * <milanpi_1.0.0.5
amd epyc_7513 * any
amd epyc_7543_firmware * <milanpi_1.0.0.5
amd epyc_7543 * any
amd epyc_7543p_firmware * <milanpi_1.0.0.5
amd epyc_7543p * any
amd epyc_75f3_firmware * <milanpi_1.0.0.5
amd epyc_75f3 * any
amd epyc_7573x_firmware * <milanpi_1.0.0.5
amd epyc_7573x * any
amd epyc_7643_firmware * <milanpi_1.0.0.5
amd epyc_7643 * any
amd epyc_7773x_firmware * <milanpi_1.0.0.5
amd epyc_7773x * any
amd epyc_7643p_firmware * <milanpi_1.0.0.5
amd epyc_7643p * any
amd epyc_7663_firmware * <milanpi_1.0.0.5
amd epyc_7663 * any
amd epyc_7663p_firmware * <milanpi_1.0.0.5
amd epyc_7663p * any
amd epyc_7713_firmware * <milanpi_1.0.0.5
amd epyc_7713 * any
amd epyc_7713p_firmware * <milanpi_1.0.0.5
amd epyc_7713p * any
amd epyc_7763_firmware * <milanpi_1.0.0.5
amd epyc_7763 * any
amd epyc_7h12_firmware * <romepi_1.0.0.g
amd epyc_7h12 * any
amd epyc_7f72_firmware * <romepi_1.0.0.g
amd epyc_7f72 * any
amd epyc_7f52_firmware * <romepi_1.0.0.g
amd epyc_7f52 * any
amd epyc_7f32_firmware * <romepi_1.0.0.g
amd epyc_7f32 * any
amd epyc_7742_firmware * <romepi_1.0.0.g
amd epyc_7742 * any
amd epyc_7702p_firmware * <romepi_1.0.0.g
amd epyc_7702p * any
amd epyc_7702_firmware * <romepi_1.0.0.g
amd epyc_7702 * any
amd epyc_7662_firmware * <romepi_1.0.0.g
amd epyc_7662 * any
amd epyc_7642_firmware * <romepi_1.0.0.g
amd epyc_7642 * any
amd epyc_7552_firmware * <romepi_1.0.0.g
amd epyc_7552 * any
amd epyc_7542_firmware * <romepi_1.0.0.g
amd epyc_7542 * any
amd epyc_7532_firmware * <romepi_1.0.0.g
amd epyc_7532 * any
amd epyc_7502p_firmware * <romepi_1.0.0.g
amd epyc_7502p * any
amd epyc_7502_firmware * <romepi_1.0.0.g
amd epyc_7502 * any
amd epyc_7452_firmware * <romepi_1.0.0.g
amd epyc_7452 * any
amd epyc_7402p_firmware * <romepi_1.0.0.g
amd epyc_7402p * any
amd epyc_7402_firmware * <romepi_1.0.0.g
amd epyc_7402 * any
amd epyc_7352_firmware * <romepi_1.0.0.g
amd epyc_7352 * any
amd epyc_7302p_firmware * <romepi_1.0.0.g
amd epyc_7302p * any
amd epyc_7302_firmware * <romepi_1.0.0.g
amd epyc_7302 * any
amd epyc_7282_firmware * <romepi_1.0.0.g
amd epyc_7282 * any
amd epyc_7272_firmware * <romepi_1.0.0.g
amd epyc_7272 * any
amd epyc_7262_firmware * <romepi_1.0.0.g
amd epyc_7262 * any
amd epyc_7252_firmware * <romepi_1.0.0.g
amd epyc_7252 * any
amd epyc_7232p_firmware * <romepi_1.0.0.g
amd epyc_7232p * any
amd epyc_7601_firmware * <naplespi_1.0.0.k
amd epyc_7601 * any
amd epyc_7551p_firmware * <naplespi_1.0.0.k
amd epyc_7551p * any
amd epyc_7551_firmware * <naplespi_1.0.0.k
amd epyc_7551 * any
amd epyc_7501_firmware * <naplespi_1.0.0.k
amd epyc_7501 * any
amd epyc_7451_firmware * <naplespi_1.0.0.k
amd epyc_7451 * any
amd epyc_7401p_firmware * <naplespi_1.0.0.k
amd epyc_7401p * any
amd epyc_7401_firmware * <naplespi_1.0.0.k
amd epyc_7401 * any
amd epyc_7371_firmware * <naplespi_1.0.0.k
amd epyc_7371 * any
amd epyc_7351p_firmware * <naplespi_1.0.0.k
amd epyc_7351p * any
amd epyc_7351_firmware * <naplespi_1.0.0.k
amd epyc_7351 * any
amd epyc_7301_firmware * <naplespi_1.0.0.k
amd epyc_7301 * any
amd epyc_7281_firmware * <naplespi_1.0.0.k
amd epyc_7281 * any
amd epyc_7261_firmware * <naplespi_1.0.0.k
amd epyc_7261 * any
amd epyc_7251_firmware * <naplespi_1.0.0.k
amd epyc_7251 * any
amd epyc_7001_firmware * <naplespi_1.0.0.k
amd epyc_7001 * any

References 1

  • amd.com https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.