CVE-2023-20533

2023-11-1418:52:52

AMD

www.cve.org

cve-2023-20533

denial-of-service

system management unit

read/write

invalid dram address

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

21.2%

JSON

Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 3000 series Desktop Processors “Matisse\"",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ 5000 Series Desktop Processors “Vermeer”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors  “Chagall” WS",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "2nd Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "3rd Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™  Embedded 7002",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™  Embedded 7003",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD Ryzen™  Embedded 5000",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™ Embedded 7002",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™ Embedded 7003",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]