Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 11, 2023 - 08:15 nvd
HIGH 7.5

DescriptionNVD

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.

AnalysisAI

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Affected products include: Amd Epyc 7H12 Firmware, Amd Epyc 7F72 Firmware, Amd Epyc 7F52 Firmware, Amd Epyc 7F32 Firmware, Amd Epyc 7742 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2023-20520 CRITICAL
9.8 May 09

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-b

CVE-2023-20593 MEDIUM POC
5.5 Jul 24

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access s

CVE-2021-26340 HIGH
8.4 Dec 10

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl

CVE-2023-20533 HIGH
7.5 Nov 14

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva

CVE-2023-20524 HIGH
7.5 May 09

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out

CVE-2023-20531 HIGH
7.5 Jan 11

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value

CVE-2021-26338 HIGH
7.5 Nov 16

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control table

CVE-2021-26322 HIGH
7.5 Nov 16

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. Rate

CVE-2023-20592 MEDIUM
6.5 Nov 14

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervis

CVE-2023-20527 MEDIUM
6.5 Jan 11

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, po

CVE-2023-20525 MEDIUM
6.5 Jan 11

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the b

CVE-2022-23825 MEDIUM
6.5 Jul 14

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to in

Share

CVE-2023-20529 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy