Vulnerability in Amd Epyc™ Embedded 7003

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

EPSS: 0.001 (19.8th percentile) — read the EPSS interpretation.

Affected products

Amd Epyc™ Embedded 7003 — versions EmbMilanPI-SP3 1.0.0.6
Amd Ryzen™ Embedded 5000 — versions EmbAM4PI 1.0.0.2
Amd Ryzen™ Embedded V2000 — versions EmbeddedPI-FP6 1.0.0.8
Amd Ryzen™ Embedded V3000 — versions EmbeddedPI-FP7r2 1.0.0.4
Amd Ryzen™ 3000 Series Desktop Processors “Matisse” — versions various
Amd Ryzen™ 5000 Series Desktop Processors “Vermeer” — versions various
Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics “Cezanne” — versions various
Amd Ryzen™ 5000 Series Mobile Processors With Radeon™ Graphics "Barcelo" — versions various
Amd Ryzen™ 6000 Series Mobile Processors With Radeon™ Graphics "Rembrandt" — versions various
Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics “Barcelo-r” — versions various

Weakness classification (CWE)

CWE-824 — Access of Uninitialized Pointer

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 (vendor-advisory)