Vulnerability in Amd 2nd Gen Ryzen™ Threadripper™ Processor
CVE-2023-20558
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
EPSS: 0.004 (60.6th percentile) — read the EPSS interpretation.
Affected products
- Amd 2nd Gen Ryzen™ Threadripper™ Processor — versions Various
- Amd 3rd Gen Ryzen™ Threadripper™ Processors — versions various
- Amd Ryzen™ 2000 Series — versions various
- Amd Ryzen™ 3000 Series — versions various
- Amd Ryzen™ 4000 Series — versions various
- Amd Ryzen™ 5000 Series — versions various
- Amd Ryzen™ Threadripper™ Pro Processor — versions various
References
- www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html (vendor-advisory)