Skip to main content

Ryzen 3 3300 Firmware CVE-2023-20555

HIGH
Out-of-bounds Write (CWE-787)
2023-08-08 psirt@amd.com
Memory Corruption Buffer Overflow RCE Ryzen 3 3300 Firmware Ryzen 3 3300X Firmware Ryzen 5 3600 Firmware Ryzen 5 3600X Firmware Ryzen 7 3700 Firmware Ryzen 7 3700X Firmware Ryzen 9 3800X Firmware Ryzen 9 3850X Firmware Ryzen 9 5950X Firmware Ryzen 9 5900X Firmware Ryzen 9 5900 Firmware Ryzen 9 Pro 5945 Firmware Ryzen 7 5800X3D Firmware Ryzen 7 5800X Firmware Ryzen 7 5800 Firmware Ryzen 7 5700X Firmware Ryzen 7 Pro 5845 Firmware Ryzen 5 5600X3D Firmware Ryzen 5 5600X Firmware Ryzen 5 5600 Firmware Ryzen 5 Pro 5645 Firmware Ryzen 7 5700 Firmware Ryzen 5 5500 Firmware Ryzen 3 5100 Firmware Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware Ryzen 3 5300G Firmware Ryzen 3 5300Ge Firmware Ryzen 9 7950X3D Firmware Ryzen 9 7950X Firmware Ryzen 9 7900X3D Firmware Ryzen 9 7900X Firmware Ryzen 9 7900 Firmware Ryzen 9 Pro 7945 Firmware Ryzen 7 7800X3D Firmware Ryzen 7 7700X Firmware Ryzen 7 7700 Firmware Ryzen 7 Pro 7745 Firmware Ryzen 5 7600X Firmware Ryzen 5 7600 Firmware Ryzen 5 Pro 7645 Firmware Ryzen 5 7500F Firmware Ryzen 4700S Firmware Ryzen 5 4500 Firmware Ryzen 3 4100 Firmware Athlon Pro 300Ge Firmware Athlon Gold 3150Ge Firmware Athlon Gold Pro 3150Ge Firmware Athlon Gold 3150G Firmware Athlon Gold Pro 3150G Firmware Athlon Silver 3050E Firmware Athlon Pro 3045B Firmware Athlon Silver 3050U Firmware Athlon Silver 3050C Firmware Athlon Pro 3145B Firmware Athlon Gold 3150U Firmware Athlon Gold 3150C Firmware Athlon 3015E Firmware Athlon 3015Ce Firmware Ryzen 7 3780U Firmware Ryzen 7 3750H Firmware Ryzen 7 3700C Firmware Ryzen 7 3700U Firmware Ryzen 5 3580U Firmware Ryzen 5 3550H Firmware Ryzen 5 3500C Firmware Ryzen 5 3500U Firmware Ryzen 5 3450U Firmware Ryzen 3 3350U Firmware Ryzen 3 3300U Firmware Ryzen 9 4900H Firmware Ryzen 9 4900Hs Firmware Ryzen 7 4800H Firmware Ryzen 7 4800Hs Firmware Ryzen 7 4980U Firmware Ryzen 7 4800U Firmware Ryzen 7 4700U Firmware Ryzen 5 4600H Firmware Ryzen 5 4600Hs Firmware Ryzen 5 4680U Firmware Ryzen 5 4600U Firmware Ryzen 5 4500U Firmware Ryzen 3 4300U Firmware Ryzen 7 5700U Firmware Ryzen 5 5500U Firmware Ryzen 3 5300U Firmware Ryzen 9 5980Hx Firmware Ryzen 9 5980Hs Firmware Ryzen 9 5900Hx Firmware Ryzen 9 5900Hs Firmware Ryzen 7 5800H Firmware Ryzen 7 5800Hs Firmware Ryzen 7 5825U Firmware Ryzen 7 5800U Firmware Ryzen 5 5600H Firmware Ryzen 5 5600Hs Firmware Ryzen 5 5625U Firmware Ryzen 5 5600U Firmware Ryzen 5 5560U Firmware Ryzen 3 5425U Firmware Ryzen 3 5400U Firmware Ryzen 3 5125C Firmware Ryzen 9 6980Hx Firmware Ryzen 9 6980Hs Firmware Ryzen 9 6900Hx Firmware Ryzen 9 6900Hs Firmware Ryzen 7 6800H Firmware Ryzen 7 6800Hs Firmware Ryzen 7 6800U Firmware Ryzen 5 6600H Firmware Ryzen 5 6600Hs Firmware Ryzen 5 6600U Firmware Ryzen 5 7520U Firmware Ryzen 3 7320U Firmware Ryzen 7 Pro 7730U Firmware Ryzen 5 Pro 7530U Firmware Ryzen 3 Pro 7330U Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 08, 2023 - 18:15 nvd
HIGH 7.8

DescriptionNVD

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

AnalysisAI

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. Affected products include: Amd Ryzen 3 3300 Firmware, Amd Ryzen 3 3300X Firmware, Amd Ryzen 5 3600 Firmware, Amd Ryzen 5 3600X Firmware, Amd Ryzen 7 3700 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Share

CVE-2023-20555 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy