HomeAmdCVE-2023-20578

CVE-2023-20578

HIGH
7.5CVSS
Published: 2024-08-13
Updated: 2025-03-18
AI Analysis

Description

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

CVSS Metrics

Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
local
Complexity
high
Privileges
high
User Action
none
Scope
changed
Confidentiality
high
Integrity
high
Availability
high
Weaknesses
CWE-367CWE-367

Metadata

Primary Vendor
AMD
Published
8/13/2024
Last Modified
3/18/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

amd : epyc_8024pn_firmwareamd : epyc_8024p_firmwareamd : epyc_8124pn_firmwareamd : epyc_8124p_firmwareamd : epyc_8224pn_firmwareamd : epyc_8224p_firmwareamd : epyc_8324pn_firmwareamd : epyc_8324p_firmwareamd : epyc_8434pn_firmwareamd : epyc_8434p_firmwareamd : epyc_8534pn_firmwareamd : epyc_8534p_firmwareamd : epyc_9734_firmwareamd : epyc_9754s_firmwareamd : epyc_9754_firmwareamd : epyc_9184x_firmwareamd : epyc_9384x_firmwareamd : epyc_9684x_firmwareamd : epyc_9124_firmwareamd : epyc_9174f_firmwareamd : epyc_9224_firmwareamd : epyc_9254_firmwareamd : epyc_9274f_firmwareamd : epyc_9334_firmwareamd : epyc_9354_firmwareamd : epyc_9354p_firmwareamd : epyc_9374f_firmwareamd : epyc_9454_firmwareamd : epyc_9454p_firmwareamd : epyc_9474f_firmwareamd : epyc_9534_firmwareamd : epyc_9554_firmwareamd : epyc_9554p_firmwareamd : epyc_9634_firmwareamd : epyc_9654_firmwareamd : epyc_9654p_firmwareamd : epyc_7203_firmwareamd : epyc_7203p_firmwareamd : epyc_72f3_firmwareamd : epyc_7303_firmwareamd : epyc_7303p_firmwareamd : epyc_7313_firmwareamd : epyc_7313p_firmwareamd : epyc_7343_firmwareamd : epyc_73f3_firmwareamd : epyc_7373x_firmwareamd : epyc_7413_firmwareamd : epyc_7443_firmwareamd : epyc_7443p_firmwareamd : epyc_74f3_firmwareamd : epyc_7453_firmwareamd : epyc_7473x_firmwareamd : epyc_7513_firmwareamd : epyc_7543_firmwareamd : epyc_7543p_firmwareamd : epyc_75f3_firmwareamd : epyc_7573x_firmwareamd : epyc_7643_firmwareamd : epyc_7773x_firmwareamd : epyc_7643p_firmwareamd : epyc_7663_firmwareamd : epyc_7663p_firmwareamd : epyc_7713_firmwareamd : epyc_7713p_firmwareamd : epyc_7763_firmwareamd : epyc_7h12_firmwareamd : epyc_7f72_firmwareamd : epyc_7f52_firmwareamd : epyc_7f32_firmwareamd : epyc_7742_firmwareamd : epyc_7702p_firmwareamd : epyc_7702_firmwareamd : epyc_7662_firmwareamd : epyc_7642_firmwareamd : epyc_7552_firmwareamd : epyc_7542_firmwareamd : epyc_7532_firmwareamd : epyc_7502p_firmwareamd : epyc_7502_firmwareamd : epyc_7452_firmwareamd : epyc_7402p_firmwareamd : epyc_7402_firmwareamd : epyc_7352_firmwareamd : epyc_7302p_firmwareamd : epyc_7302_firmwareamd : epyc_7282_firmwareamd : epyc_7272_firmwareamd : epyc_7262_firmwareamd : epyc_7252_firmwareamd : epyc_7232p_firmwareamd : epyc_7601_firmwareamd : epyc_7551p_firmwareamd : epyc_7551_firmwareamd : epyc_7501_firmwareamd : epyc_7451_firmwareamd : epyc_7401p_firmwareamd : epyc_7401_firmwareamd : epyc_7371_firmwareamd : epyc_7351p_firmwareamd : epyc_7351_firmwareamd : epyc_7301_firmwareamd : epyc_7281_firmwareamd : epyc_7261_firmwareamd : epyc_7251_firmwareamd : epyc_7001_firmware

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2023-20578 | HIGH Severity | CVEDatabase.com | CVEDatabase.com