Ryzen 3 5100 Firmware
CVE-2023-20571
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation.
AnalysisAI
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-362. A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. Affected products include: Amd Ryzen 3 5100 Firmware, Amd Ryzen 3 5300G Firmware, Amd Ryzen 3 5300Ge Firmware, Amd Ryzen 5 5500 Firmware, Amd Ryzen 5 5600G Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ryzen 3 5100 Firmware
View allA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. R
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbi
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault i
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today