CVE-2023-20597

2023-09-2017:32:18

AMD

www.cve.org

initialization variables

cve-2023-20597

privileged user

local access

sensitive information

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 3000 Series Desktop Processors “Matisse”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 5000 Series Desktop Processors “Vermeer” ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics  “Cezanne” ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics \"Rembrandt\"",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics \"Rembrandt-R\"",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics \"Barcelo\"",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007