Unrated severityNVD Advisory· Published Aug 13, 2024· Updated Mar 18, 2025

CVE-2023-20578

Description

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Affected products

AMD/AMD processorscpe-rescue4 versions
NaplesPI 1.0.0.K+ 3 more
- (no CPE)range: NaplesPI 1.0.0.K
- (no CPE)range: RomePI 1.0.0.G
- (no CPE)range: MilanPI 1.0.0.B
- (no CPE)range: GenoaPI 1.0.0.2
AMD/AMD EPYC™ Embedded 3000v5
Range: SnowyOwl PI 1.1.0.A
AMD/AMD EPYC™ Embedded 7002v5
Range: EmbRomePI-SP3 1.0.0.A
AMD/AMD EPYC™ Embedded 7003v5
Range: EmbMilanPI-SP3 1.0.0.7
AMD/AMD EPYC™ Embedded 9003v5
Range: EmbGenoaPI-SP5 1.0.0.0
AMD/AMD Ryzen™ 6000 Series Processors with Radeon™ Graphicsv5
Range: RembrandtPI-FP7 1.0.0.9b
AMD/AMD Ryzen™ 7000 Series Desktop Processorsv5
Range: ComboAM5 1.0.0.1
AMD/AMD Ryzen™ 7020 Series Processors with Radeon™ Graphicsv5
Range: MendocinoPI-FT6 1.0.0.0
AMD/AMD Ryzen™ 7035 Series Processors with Radeon™ Graphicsv5
Range: RembrandtPI-FP7 1.0.0.9b
AMD/AMD Ryzen™ Embedded 7000v5
Range: EmbeddedAM5PI 1.0.0.0
AMD/AMD RyzenTM Embedded V3000v5
Range: EmbeddedPI-FP7r2 1.0.0.8
AMD/AMD Ryzen™ Threadripper™ PRO 5000WX Processorsv5
Range: ChagallWSPI-sWRX8 1.0.0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.htmlmitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000