Skip to main content

Ryzen 3 3100 Firmware CVE-2023-20597

MEDIUM
Access of Uninitialized Pointer (CWE-824)
2023-09-20 psirt@amd.com
Memory Corruption Information Disclosure Ryzen 3 3100 Firmware Ryzen 3 3200G Firmware Ryzen 3 3200Ge Firmware Ryzen 3 3200U Firmware Ryzen 3 3250C Firmware Ryzen 3 3250U Firmware Ryzen 3 3300 Firmware Ryzen 3 3300G Firmware Ryzen 3 3300U Firmware Ryzen 3 3300X Firmware Ryzen 3 3350U Firmware Ryzen 3 3450U Firmware Ryzen 3 3500C Firmware Ryzen 3 3500U Firmware Ryzen 3 3550H Firmware Ryzen 3 3580U Firmware Ryzen 3 3700C Firmware Ryzen 3 3700U Firmware Ryzen 3 3750H Firmware Ryzen 3 3780U Firmware Ryzen 3100 Firmware Ryzen 3300X Firmware Ryzen 3500 Firmware Ryzen 3500X Firmware Ryzen 3600 Firmware Ryzen 3600X Firmware Ryzen 3600Xt Firmware Ryzen 3800X Firmware Ryzen 3800Xt Firmware Ryzen 3900 Firmware Ryzen 3900X Firmware Ryzen 3900Xt Firmware Ryzen 3945Wx Firmware Ryzen 3950X Firmware Ryzen 3955Wx Firmware Ryzen 3960X Firmware Ryzen 3970X Firmware Ryzen 3975Wx Firmware Ryzen 3990X Firmware Ryzen 3995Wx Firmware Ryzen 5 5500 Firmware Ryzen 5 5500U Firmware Ryzen 5 5560U Firmware Ryzen 5 5600 Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware Ryzen 5 5600H Firmware Ryzen 5 5600Hs Firmware Ryzen 5 5600U Firmware Ryzen 5 5600X Firmware Ryzen 5 5600X3D Firmware Ryzen 5 5625C Firmware Ryzen 5 5625U Firmware Ryzen 5 5700G Firmware Ryzen 5 5700Ge Firmware Ryzen 5300G Firmware Ryzen 5300Ge Firmware Ryzen 5500 Firmware Ryzen 5600 Firmware Ryzen 5600G Firmware Ryzen 5600Ge Firmware Ryzen 5600X Firmware Ryzen 5700G Firmware Ryzen 5700Ge Firmware Ryzen 5700X Firmware Ryzen 5800 Firmware Ryzen 5800X Firmware Ryzen 5800X3D Firmware Ryzen 5900 Firmware Ryzen 5900X Firmware Ryzen 5945Wx Firmware Ryzen 5950X Firmware Ryzen 5955Wx Firmware Ryzen 5965Wx Firmware Ryzen 5975Wx Firmware Ryzen 5995Wx Firmware Ryzen Threadripper 3960X Firmware Ryzen Threadripper 3970X Firmware Ryzen Threadripper 3990X Firmware Ryzen Threadripper Pro 3795Wx Firmware Ryzen Threadripper Pro 3945Wx Firmware Ryzen Threadripper Pro 3955Wx Firmware Ryzen Threadripper Pro 3975Wx Firmware Ryzen Threadripper Pro 3995Wx Firmware Ryzen 4300G Firmware Ryzen 4300Ge Firmware Ryzen 4600G Firmware Ryzen 4600Ge Firmware Ryzen 4700G Firmware Ryzen 4700Ge Firmware Ryzen 4700S Firmware Ryzen 6600H Firmware Ryzen 6600Hs Firmware Ryzen 6600U Firmware Ryzen 6800H Firmware Ryzen 6800Hs Firmware Ryzen 6800U Firmware Ryzen 6900Hs Firmware Ryzen 6900Hx Firmware Ryzen 6980Hs Firmware Ryzen 6980Hx Firmware
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 20, 2023 - 18:15 nvd
MEDIUM 5.5

DescriptionNVD

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

AnalysisAI

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-824. Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Affected products include: Amd Ryzen 3 3100 Firmware, Amd Ryzen 3 3200G Firmware, Amd Ryzen 3 3200Ge Firmware, Amd Ryzen 3 3200U Firmware, Amd Ryzen 3 3250C Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-20593 MEDIUM POC
5.5 Jul 24

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access s

CVE-2023-20533 HIGH
7.5 Nov 14

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva

CVE-2023-20589 MEDIUM
6.8 Aug 08

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault i

CVE-2022-23825 MEDIUM
6.5 Jul 14

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to in

CVE-2022-29900 MEDIUM
6.5 Jul 12

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain micr

CVE-2022-23823 MEDIUM
6.5 Jun 15

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute

CVE-2022-23824 MEDIUM
5.5 Nov 09

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential in

CVE-2021-26337 MEDIUM
5.5 Nov 16

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address

CVE-2021-26336 MEDIUM
5.5 Nov 16

Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result

CVE-2022-27672 MEDIUM
4.7 Mar 01

When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling threa

CVE-2023-20594 MEDIUM
4.4 Sep 20

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via loc

Share

CVE-2023-20597 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy