Ryzen 3 5100 Firmware
CVE-2023-20563
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.
AnalysisAI
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. Affected products include: Amd Ryzen 3 5100 Firmware, Amd Ryzen 3 5300G Firmware, Amd Ryzen 3 5300Ge Firmware, Amd Ryzen 5 5500 Firmware, Amd Ryzen 5 5600G Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Ryzen 3 5100 Firmware
View allA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. R
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage C
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbi
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault i
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today