Ryzen 7 5700G Firmware
CVE-2023-20559
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
AnalysisAI
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-691. Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Affected products include: Amd Ryzen 7 5700G Firmware, Amd Ryzen 7 5700Ge Firmware, Amd Ryzen 5 5600G Firmware, Amd Ryzen 5 5600Ge Firmware, Amd Ryzen 3 5300G Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ryzen 7 5700G Firmware
View allImproper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 acces
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler pote
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. R
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage C
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbi
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault i
Same weakness CWE-691 – Insufficient Control Flow Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today