CVE-2023-20596
CVE-2023-20596
In short
A security weakness in the SMM Supervisor allows someone who has already compromised a system component (SMI handler) to gain the highest level of access to the computer, potentially letting them run any code they want.
Technical detail
Improper input validation in the SMM Supervisor fails to properly sanitize data from a compromised SMI handler, allowing an attacker to escalate privileges to Ring 0. This requires prior SMI handler compromise and enables arbitrary code execution at the firmware level.
Summary generated and translated by AI from the official description.
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.
Affected products
AMD · AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD · AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”AMD · Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4AMD · Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD · Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”AMD · Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3DAMD · Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →