DXE Driver Memory Leaks

Bulletin ID: AMD-SB-4007 **Potential Impact:**Data Leakage **Severity:**Medium

Summary

Potential memory leak vulnerabilities in AMD Driver Execution Environment (DXE) driver.

CVE Details

Refer to Glossary for explanation of terms

CVE	Severity	Description
CVE-2023-20594	Medium	Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
CVE-2023-20597	Medium	Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Mitigation

The Platform Initialization (PI) firmware versions listed below have been released to the Original Equipment Manufacturers (OEM) as a mitigation for these issues. Please refer to your OEM for the BIOS update specific to your product.

June 2024 Update:

After additional analysis, AMD believes that the Client AGESA™ firmware versions previously provided did not sufficiently mitigate CVE-2023-20594. This security bulletin has been updated with new Client AGESA™ firmware versions that contain updated mitigations.

AMD has also updated the status of affected products. Refer to the mitigation section below.

DATA CENTER

CVE	1st Gen AMD EPYC™ Processors	2nd Gen AMD EPYC™ Processors	3rd Gen AMD EPYC™ Processors	4th Gen AMD EPYC™ Processors
Minimum firmware versions to mitigate all applicable CVEs	N/A	N/A	MilanPI 1.0.0.A
(2022-10-28)	N/A
CVE-2023-20594	Not affected	Not affected	Not affected	Not affected
CVE-2023-20597	Not affected	Not affected	MilanPI 1.0.0.A
(2022-10-28)	Not affected

EMBEDDED PROCESSORS

CVE	AMD EPYC™ Embedded 3000	AMD EPYC™ Embedded 7002	AMD EPYC™ Embedded 7003	AMD EPYC™ Embedded 9003
Minimum firmware versions to mitigate all applicable CVEs	N/A	N/A	EmbMilanPI-SP3 1.0.0.6
(2022-12-12)	N/A
CVE-2023-20594	Not affected	Not affected	Not affected	Not affected
CVE-2023-20597	Not affected	Not affected	EmbMilanPI-SP3 1.0.0.6
(2022-12-12)	Not affected

CVE	AMD RYZEN™ Embedded R1000	AMD RYZEN™ Embedded R2000	AMD RYZEN™ Embedded 5000	AMD RYZEN™ Embedded 7000
Minimum firmware versions to mitigate all applicable CVEs	TBD	TBD	EmbAM4PI 1.0.0.2
(2022-10-31)	EmbeddedAM5PI 1.0.0.1
(Target June 2024)
CVE-2023-20594	EmbeddedPI-FP5 1.2.0.C
(Target June 2024)	EmbeddedPI-FP5 1.2.0.C
(Target June 2024)	Not affected	EmbeddedAM5PI 1.0.0.1
(Target June 2024)
CVE-2023-20597	Not affected	Not affected	EmbAM4PI 1.0.0.2
(2022-10-31)

CVE	AMD Ryzen™Embedded V1000	AMD RYZEN™ Embedded v2000	AMD RYZEN™ Embedded V3000
All V1000 OPNs excluding YE1500C4T4MFH	YE1500C4T4MFH
Minimum firmware versions to mitigate all applicable CVEs	N/A	EmbeddedPI-FP6 1.0.0.9
(2024-04-15)	Embedded-PI FP7r2 1.0.1.0
(Target Sept 2024)
CVE-2023-20594	Fix not planned	EmbeddedPI-FP6 1.0.0.9
(2024-04-15)	Embedded-PI_FP7r2 1.0.1.0
(Target Sept 2024)
CVE-2023-20597	Not affected	EmbeddedPI-FP6 1.0.0.8
(2023-07-31)	EmbeddedPI-FP7r2 1.0.0.4
(2023-04-28)

CLIENT

DESKTOP

CVE	AMD Ryzen™ 3000 Series Desktop Processors (Formerly codenamed) “Matisse”	AMD Ryzen™ 5000 Series Desktop Processors (Formerly codenamed) “Vermeer”	AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics (Formerly codenamed) “Cezanne”	AMD Ryzen™ 7000 Series Desktop Processors (Formerly codenamed) “Raphael” X3D	AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (Formerly codenamed) “Picasso” AM4
Minimum firmware versions to mitigate all applicable CVEs	ComboAM4PI 1.0.0.9
(2022-07-13)ComboAM4v2PI 1.2.0.8
(2022-07-29)	ComboAM4v2PI 1.2.0.8
(2022-07-29)	ComboAM4v2PI 1.2.0.C
(2024-02-07)	ComboAM5 1.1.7.0
(2024-04-27)	N/A
CVE-2023-20594	Not affected	Not affected	ComboAM4v2PI 1.2.0.C
(2024-02-07)	ComboAM5 1.1.7.0
(2024-04-27)	Fix not planned
CVE-2023-20597	ComboAM4PI 1.0.0.9
(2022-07-13)ComboAM4v2PI 1.2.0.8
(2022-07-29)	ComboAM4v2PI 1.2.0.8
(2022-07-29)	ComboAM4v2PI 1.2.0.8
(2022-07-29)	Not affected	Not affected

CVE	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (Formerly codenamed) “Renoir” AM4	AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Phoenix” AM5
Minimum firmware versions to mitigate all applicable CVEs	ComboAM4v2PI 1.2.0.C
(2024-02-07)	ComboAM5 1.1.7.0
(2024-04-27)
CVE-2023-20594	ComboAM4v2PI 1.2.0.C
(2024-02-07)	ComboAM5 1.1.7.0
(2024-04-27)
CVE-2023-20597	ComboAM4v2PI 1.2.0.8
(2022-07-29)	Not affected

HIGH END DESKTOP (HEDT)

CVE	AMD Ryzen™ Threadripper™ 3000 Series Processors (Formerly codenamed) “Castle Peak” HEDT
Minimum firmware versions to mitigate all applicable CVEs	CastlePeakPI-SP3r3 1.0.0.8
(2022-12-01)
CVE-2023-20594	Not affected
CVE-2023-20597	CastlePeakPI-SP3r3 1.0.0.8
(2022-12-01)

WORKSTATION

CVE	AMD Ryzen™ Threadripper™ PRO Processors (Formerly codenamed) “Castle Peak” WS SP3	AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (Formerly codenamed) “Chagall” WS
Minimum firmware versions to mitigate all applicable CVEs	CastlePeakWSPI-sWRX8 1.0.0.A
(2022-11-23)ChagallWSPI-sWRX8 1.0.0.4
(2022-06-15)	ChagallWSPI-sWRX8 1.0.0.4
(2022-06-15)
CVE-2023-20594	Not affected	Not affected
CVE-2023-20597	CastlePeakWSPI-sWRX8 1.0.0.A
(2022-11-23)ChagallWSPI-sWRX8 1.0.0.4
(2022-06-15)	ChagallWSPI-sWRX8 1.0.0.4
(2022-06-15)

MOBILE - AMD Athlon ™ Series Processors

CVE	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Dali”/”Dali” ULP	AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed)“Pollock”
Minimum firmware versions to mitigate all applicable CVEs	PicassoPI-FP5 1.0.1.1
(2024-03-08)	PollockPI-FT5 1.0.0.8
(Target July 2024)
CVE-2023-20594	PicassoPI-FP5 1.0.1.1
(2024-03-08)	PollockPI-FT5 1.0.0.8
(Target July 2024)
CVE-2023-20597	Not affected	Not affected

MOBILE – AMD Ryzen™ Series Processors

CVE	AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics (Formerly codenamed) “Picasso” FP5	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Renoir” FP6	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Lucienne”	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Cezanne”	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (Formerly codenamed) “Mendocino” FT6
Minimum firmware versions to mitigate all applicable CVEs	PicassoPI-FP5 1.0.1.1_(2024-03-08)_	RenoirPI-FP6 1.0.0.D (2024-02-29)	CezannePI-FP6_1.0.1.0_(2024-01-25)_	CezannePI-P6_1.0.1.0_(2024-01-25)_	MendocinoPI-FT6_1.0.0.7_(2024-07-03)_
CVE-2023-20594	PicassoPI-FP5 1.0.1.1_(2024-03-08)_	RenoirPI-FP6 1.0.0.D (2024-02-29)	CezannePI-FP6_1.0.1.0_(2024-01-25)_	CezannePI-P6_1.0.1.0_(2024-01-25)_	MendocinoPI-FT6_1.0.0.7_(2024-07-03)_
CVE-2023-20597	Not affected	RenoirPI-FP6 1.0.0.9(2022-06-22)	CezannePI-FP6 1.0.0.B(2022-06-15)	CezannePI-FP6 1.0.0.B(2022-06-15)	Not affected

CVE|AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Rembrandt”|AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (Formerly codenamed) “Rembrandt-R”|AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (Formerly codenamed) “Barcelo”|AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed)
“Barcelo-R”|AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics (Formerly codenamed) “Phoenix” FP7/FP7r2/FP8|AMD Ryzen™ 7045 Series Mobile Processors (Formerly codenamed) “Dragon Range”
—|—|—|—|—|—|—
Minimum firmware versions to mitigate all applicable CVEs| RembrandtPI-FP7 1.0.0.B
(2024-06-26)| RembrandtPI-FP7
1.0.0.B
(2024-06-26)| CezannePI-FP6
1.0.1.0
(2024-01-25)| CezannePI-FP6
1.0.1.0
(2024-01-25)| PhoenixPI-FP8-FP7 1.1.0.2a
(2024-01-23)| DragonRangeFL1PI 1.0.0.3d
(2024-01-29)
CVE-2023-20594| RembrandtPI-FP7 1.0.0.B
(2024-06-26)| RembrandtPI-FP7
1.0.0.B
(2024-06-26)| CezannePI-FP6
1.0.1.0
(2024-01-25)| CezannePI-FP6
1.0.1.0
(2024-01-25)| PhoenixPI-FP8-FP7 1.1.0.2a
(2024-01-23)| DragonRangeFL1PI 1.0.0.3d
(2024-01-29)
CVE-2023-20597| RembrandtPI-FP7 1.0.0.6
(2022-09-01)| RembrandtPI-FP7 1.0.0.6
(2022-09-01)| CezannePI-FP6 1.0.0.B
(2022-06-15)| CezannePI-FP6 1.0.0.B
(2022-06-15)| Not affected| Not affected