Skip to main content

Ryzen 7 5700G Firmware CVE-2023-20559

HIGH
Insufficient Control Flow Management (CWE-691)
2023-04-02 psirt@amd.com
Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware Ryzen 3 5300G Firmware Ryzen 3 5300Ge Firmware Ryzen 9 5980Hx Firmware Ryzen 9 5980Hs Firmware Ryzen 7 5825U Firmware Ryzen 9 5900Hx Firmware Ryzen 9 5900Hs Firmware Ryzen 7 5825C Firmware Ryzen 7 5800H Firmware Ryzen 5 5625U Firmware Ryzen 7 5800Hs Firmware Ryzen 5 5625C Firmware Ryzen 5 5600H Firmware Ryzen 5 5600Hs Firmware Ryzen 7 5800U Firmware Ryzen 5 5600U Firmware Ryzen 5 5560U Firmware Ryzen 3 5425U Firmware Ryzen 3 5425C Firmware Ryzen 3 5400U Firmware Ryzen 3 5125C Firmware Athlon Silver 3050U Firmware Athlon Gold 3150U Firmware Ryzen 3 3200U Firmware Ryzen 3 3250U Firmware Ryzen 3 3300U Firmware Ryzen 3 3350U Firmware Ryzen 3 3450U Firmware Ryzen 3 3500U Firmware Ryzen 3 3500C Firmware Ryzen 3 3550H Firmware Ryzen 3 3580U Firmware Ryzen 3 3700U Firmware Ryzen 3 3700C Firmware Ryzen 3 3750H Firmware Ryzen 3 3780U Firmware Ryzen 3 2200U Firmware Ryzen 3 2300U Firmware Ryzen 5 2500U Firmware Ryzen 5 2600 Firmware Ryzen 5 2600H Firmware Ryzen 5 2600X Firmware Ryzen 5 2700 Firmware Ryzen 5 2700X Firmware Ryzen 7 2700 Firmware Ryzen 7 2700U Firmware Ryzen 7 2700X Firmware Ryzen 7 2800H Firmware Ryzen 3 3300X Firmware Ryzen 5 3500 Firmware Ryzen 5 3500X Firmware Ryzen 5 3600 Firmware Ryzen 5 3600X Firmware Ryzen 5 3600Xt Firmware Ryzen 7 3700X Firmware Ryzen 7 3800X Firmware Ryzen 7 3800Xt Firmware Ryzen 9 3900 Firmware Ryzen 9 3900X Firmware Ryzen 9 3900Xt Firmware Ryzen 9 3950X Firmware Ryzen 9 Pro 3900 Firmware Ryzen Threadripper 2990Wx Firmware Ryzen Threadripper 2970Wx Firmware Ryzen Threadripper 2950X Firmware Ryzen Threadripper 2920X Firmware Ryzen Threadripper 3990X Firmware Ryzen Threadripper 3970X Firmware Ryzen Threadripper 3960X Firmware Ryzen Threadripper Pro 3795Wx Firmware Ryzen Threadripper Pro 3945Wx Firmware Ryzen Threadripper Pro 3955Wx Firmware Ryzen Threadripper Pro 3975Wx Firmware Ryzen Threadripper Pro 3995Wx Firmware Ryzen Threadripper Pro 5945Wx Firmware Ryzen Threadripper Pro 5955Wx Firmware Ryzen Threadripper Pro 5965Wx Firmware Ryzen Threadripper Pro 5975Wx Firmware Ryzen Threadripper Pro 5995Wx Firmware Ryzen 7 4700G Firmware Ryzen 7 4700Ge Firmware Ryzen 5 4600G Firmware Ryzen 5 4600Ge Firmware Ryzen 3 4300G Firmware Ryzen 3 4300Ge Firmware
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 02, 2023 - 21:15 nvd
HIGH 8.8

DescriptionNVD

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

AnalysisAI

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-691. Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Affected products include: Amd Ryzen 7 5700G Firmware, Amd Ryzen 7 5700Ge Firmware, Amd Ryzen 5 5600G Firmware, Amd Ryzen 5 5600Ge Firmware, Amd Ryzen 3 5300G Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-20559 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy