Ryzen 3 3100 Firmware
CVE-2023-20597
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
AnalysisAI
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-824. Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Affected products include: Amd Ryzen 3 3100 Firmware, Amd Ryzen 3 3200G Firmware, Amd Ryzen 3 3200Ge Firmware, Amd Ryzen 3 3200U Firmware, Amd Ryzen 3 3250C Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ryzen 3 3100 Firmware
View allAn issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access s
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault i
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to in
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain micr
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential in
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address
Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling threa
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via loc
Same weakness CWE-824 – Access of Uninitialized Pointer
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today