Vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “Picasso”
CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.
Affected products
- Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “Picasso” — versions various
- Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “Dali”/”dali” Fp5 — versions various
- Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “Pollock” — versions various
- Amd Ryzen™ 3000 Series Desktop Processors “Matisse” Am4 — versions various
- Amd Ryzen™ 3000 Series Mobile Processors With Radeon™ Graphics “Picasso” — versions various
- Amd Ryzen™ 4000 Series Desktop Processors With Radeon™ Graphics “Renoir” Fp5 — versions various
- Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics “Renoir” Fp6 — versions various
- Amd Ryzen™ 5000 Series Desktop Processors “Vermeer” Am4 — versions various
- Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “Cezanne” Am4 — versions various
- Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics “Cezanne” — versions various
References
- www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 (vendor-advisory)