Skip to main content

Ryzen 3 5100 Firmware CVE-2023-20563

HIGH
Improper Privilege Management (CWE-269)
2023-11-14 psirt@amd.com
Privilege Escalation Ryzen 3 5100 Firmware Ryzen 3 5300G Firmware Ryzen 3 5300Ge Firmware Ryzen 5 5500 Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware Ryzen 7 5700 Firmware Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 7500F Firmware Ryzen 5 7600 Firmware Ryzen 5 7600X Firmware Ryzen 7 7700 Firmware Ryzen 7 7700X Firmware Ryzen 7 7800X3D Firmware Ryzen 9 7900 Firmware Ryzen 9 7900X Firmware Ryzen 9 7900X3D Firmware Ryzen 9 7950X Firmware Ryzen 9 7950X3D Firmware Ryzen Pro 3900 Firmware Ryzen Pro 7645 Firmware Ryzen Pro 7745 Firmware Ryzen Pro 7945 Firmware Ryzen 3 5125C Firmware Ryzen 3 5400U Firmware Ryzen 3 5425U Firmware Ryzen 5 5500H Firmware Ryzen 5 5560U Firmware Ryzen 5 5600H Firmware Ryzen 5 5600Hs Firmware Ryzen 5 5600U Firmware Ryzen 5 5625U Firmware Ryzen 7 5800H Firmware Ryzen 7 5800Hs Firmware Ryzen 7 5800U Firmware Ryzen 7 5825U Firmware Ryzen 9 5900Hs Firmware Ryzen 9 5900Hx Firmware Ryzen 9 5980Hs Firmware Ryzen 9 5980Hx Firmware Ryzen 9 6980Hx Firmware Ryzen 9 6980Hs Firmware Ryzen 9 6900Hx Firmware Ryzen 9 6900Hs Firmware Ryzen 7 6800H Firmware Ryzen 7 6800Hs Firmware Ryzen 7 6800U Firmware Ryzen 5 6600H Firmware Ryzen 5 6600Hs Firmware Ryzen 5 6600U Firmware Ryzen 7 7735Hs Firmware Ryzen 7 7736U Firmware Ryzen 7 7735U Firmware Ryzen 5 7535Hs Firmware Ryzen 5 7535U Firmware Ryzen 3 7335U Firmware Ryzen 7 Pro 7730U Firmware Ryzen 9 Pro 7940Hs Firmware Ryzen 9 Pro 7940H Firmware Ryzen 7 Pro 7840Hs Firmware Ryzen 7 Pro 7840H Firmware Ryzen 7 Pro 7840U Firmware Ryzen 5 Pro 7640Hs Firmware Ryzen 5 Pro 7640H Firmware Ryzen 5 Pro 7640U Firmware Ryzen 5 Pro 7545U Firmware Ryzen 5 Pro 7540U Firmware Ryzen 3 Pro 7440U Firmware Ryzen 5 Pro 7530U Firmware Ryzen 3 Pro 7330U Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2023 - 19:15 nvd
HIGH 7.8

DescriptionNVD

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

AnalysisAI

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Affected products include: Amd Ryzen 3 5100 Firmware, Amd Ryzen 3 5300G Firmware, Amd Ryzen 3 5300Ge Firmware, Amd Ryzen 5 5500 Firmware, Amd Ryzen 5 5600G Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

Share

CVE-2023-20563 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy