HIGH🇵🇱 Wersja polska

CVE-2023-20578

CVSS 7.5v3.1pub. 2024-08-13upd. 2025-03-18

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Amd Epyc 7203

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7203 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7203p

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7203p Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 72f3

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 72f3 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7303

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7303 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7303p

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7303p Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7313

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7313 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7313p

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7313p Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7343

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7343 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7373x

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7373x Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 73f3

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 73f3 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7413

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7413 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7443

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7443 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 7443p

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 7443p Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 74f3

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 74f3 Firmware

    OS
    Amd
    < milanpi_1.0.0.5
  • Amd Epyc 8024p

    HW
    Amd
    wszystkie wersje
  • Amd Epyc 8024p Firmware

    OS
    Amd
    < genoapi_1.0.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCERace Condition
CWE
References

Related vulnerabilities

CVE-2023-20520CRITICAL9.8ten sam produkt

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing...

CVE-2021-26379CRITICAL9.8ten sam produkt

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SM...

CVE-2021-46756CRITICAL9.1ten sam produkt

Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow...

CVE-2021-26344HIGH7.2ten sam produkt

An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker ...

CVE-2024-21980HIGH7.9ten sam produkt

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially ove...