CVE-2023-20558

CVSS score: 8.8

First published: Thu Mar 23 2023

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.

Credit: psirt@amd.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Amd Ryzen 7 5700g Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 7 5700g | | |
| Amd Ryzen 7 5700ge Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 7 5700ge | | |
| Amd Ryzen 5 5600g Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 5600g | | |
| Amd Ryzen 5 5600ge Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 5600ge | | |
| Amd Ryzen 3 5300g Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 3 5300g | | |
| Amd Ryzen 3 5300ge Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 3 5300ge | | |
| Amd Ryzen 9 5980hx Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 9 5980hx | | |
| Amd Ryzen 9 5980hs Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 9 5980hs | | |
| Amd Ryzen 7 5825u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 7 5825u | | |
| Amd Ryzen 9 5900hx Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 9 5900hx | | |
| Amd Ryzen 9 5900hs Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 9 5900hs | | |
| Amd Ryzen 7 5825c Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 7 5825c | | |
| Amd Ryzen 7 5800h Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 7 5800h | | |
| Amd Ryzen 5 5625u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 5 5625u | | |
| Amd Ryzen 7 5800hs Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 7 5800hs | | |
| Amd Ryzen 5 5625c Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 5 5625c | | |
| Amd Ryzen 5 5600h Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 5 5600h | | |
| Amd Ryzen 5 5600hs Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 5 5600hs | | |
| Amd Ryzen 7 5800u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 7 5800u | | |
| Amd Ryzen 5 5600u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 5 5600u | | |
| Amd Ryzen 5 5560u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 5 5560u | | |
| Amd Ryzen 3 5425u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 3 5425u | | |
| Amd Ryzen 3 5425c Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 3 5425c | | |
| Amd Ryzen 3 5400u Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 3 5400u | | |
| Amd Ryzen 3 5125c Firmware | <cezannepi-fp6_1.0.0.9 | |
| Amd Ryzen 3 5125c | | |
| Amd Athlon Silver 3050u Firmware | | |
| Amd Athlon Silver 3050u | | |
| Amd Athlon Gold 3150u Firmware | | |
| Amd Athlon Gold 3150u | | |
| Amd Ryzen 3 3200u Firmware | | |
| Amd Ryzen 3 3200u | | |
| Amd Ryzen 3 3250u Firmware | | |
| Amd Ryzen 3 3250u | | |
| Amd Ryzen 3 3300u Firmware | | |
| Amd Ryzen 3 3300u | | |
| Amd Ryzen 3 3350u Firmware | | |
| Amd Ryzen 3 3350u | | |
| Amd Ryzen 3 3450u Firmware | | |
| Amd Ryzen 3 3450u | | |
| Amd Ryzen 3 3500u Firmware | | |
| Amd Ryzen 3 3500u | | |
| Amd Ryzen 3 3500c Firmware | | |
| Amd Ryzen 3 3500c | | |
| Amd Ryzen 3 3550h Firmware | | |
| Amd Ryzen 3 3550h | | |
| Amd Ryzen 3 3580u Firmware | | |
| Amd Ryzen 3 3580u | | |
| Amd Ryzen 3 3700u Firmware | | |
| Amd Ryzen 3 3700u | | |
| Amd Ryzen 3 3700c Firmware | | |
| Amd Ryzen 3 3700c | | |
| Amd Ryzen 3 3750h Firmware | | |
| Amd Ryzen 3 3750h | | |
| Amd Ryzen 3 3780u Firmware | | |
| Amd Ryzen 3 3780u | | |
| Amd Ryzen 3 2200u Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 3 2200u | | |
| Amd Ryzen 3 2300u Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 3 2300u | | |
| Amd Ryzen 5 2500u Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 5 2500u | | |
| Amd Ryzen 5 2600 Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 5 2600 | | |
| Amd Ryzen 5 2600h Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 5 2600h | | |
| Amd Ryzen 5 2600x Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 5 2600x | | |
| Amd Ryzen 5 2700 Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 5 2700 | | |
| Amd Ryzen 5 2700x Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 5 2700x | | |
| Amd Ryzen 7 2700 Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 7 2700 | | |
| Amd Ryzen 7 2700u Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 7 2700u | | |
| Amd Ryzen 7 2700x Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 7 2700x | | |
| Amd Ryzen 7 2800h Firmware | <comboam4v2_pi_1.2.0.6c | |
| Amd Ryzen 7 2800h | | |
| Amd Ryzen 3 3300x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 3 3300x | | |
| Amd Ryzen 5 3500 Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 3500 | | |
| Amd Ryzen 5 3500x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 3500x | | |
| Amd Ryzen 5 3600 Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 3600 | | |
| Amd Ryzen 5 3600x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 3600x | | |
| Amd Ryzen 5 3600xt Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 5 3600xt | | |
| Amd Ryzen 7 3700x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 7 3700x | | |
| Amd Ryzen 7 3800x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 7 3800x | | |
| Amd Ryzen 7 3800xt Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 7 3800xt | | |
| Amd Ryzen 9 3900 Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 9 3900 | | |
| Amd Ryzen 9 3900x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 9 3900x | | |
| Amd Ryzen 9 3900xt Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 9 3900xt | | |
| Amd Ryzen 9 3950x Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 9 3950x | | |
| Amd Ryzen 9 Pro 3900 Firmware | <comboam4_v2_pi_1.2.0.6c | |
| Amd Ryzen 9 Pro 3900 | | |
| Amd Ryzen Threadripper 2990wx Firmware | <summitpi-sp3r2_1.1.0.5 | |
| Amd Ryzen Threadripper 2990wx | | |
| Amd Ryzen Threadripper 2970wx Firmware | <summitpi-sp3r2_1.1.0.5 | |
| Amd Ryzen Threadripper 2970wx | | |
| Amd Ryzen Threadripper 2950x Firmware | <summitpi-sp3r2_1.1.0.5 | |
| Amd Ryzen Threadripper 2950x | | |
| Amd Ryzen Threadripper 2920x Firmware | <summitpi-sp3r2_1.1.0.5 | |
| Amd Ryzen Threadripper 2920x | | |
| Amd Ryzen Threadripper 3990x Firmware | <castlepeakpi-sp3r3_1.0.0.6 | |
| Amd Ryzen Threadripper 3990x | | |
| Amd Ryzen Threadripper 3970x Firmware | <castlepeakpi-sp3r3_1.0.0.6 | |
| Amd Ryzen Threadripper 3970x | | |
| Amd Ryzen Threadripper 3960x Firmware | <castlepeakpi-sp3r3_1.0.0.6 | |
| Amd Ryzen Threadripper 3960x | | |
| Amd Ryzen Threadripper Pro 3795wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 3795wx | | |
| Amd Ryzen Threadripper Pro 3945wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 3945wx | | |
| Amd Ryzen Threadripper Pro 3955wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 3955wx | | |
| Amd Ryzen Threadripper Pro 3975wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 3975wx | | |
| Amd Ryzen Threadripper Pro 3995wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 3995wx | | |
| Amd Ryzen Threadripper Pro 5945wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 5945wx | | |
| Amd Ryzen Threadripper Pro 5955wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 5955wx | | |
| Amd Ryzen Threadripper Pro 5965wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 5965wx | | |
| Amd Ryzen Threadripper Pro 5975wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 5975wx | | |
| Amd Ryzen Threadripper Pro 5995wx Firmware | <castlepeakwspi-swrx8_1.0.0.9 | |
| Amd Ryzen Threadripper Pro 5995wx | | |
| Amd Ryzen 7 4700g Firmware | <renoirpi-fp6_1.0.0.7 | |
| Amd Ryzen 7 4700g | | |
| Amd Ryzen 7 4700ge Firmware | <renoirpi-fp6_1.0.0.7 | |
| Amd Ryzen 7 4700ge | | |
| Amd Ryzen 5 4600g Firmware | <renoirpi-fp6_1.0.0.7 | |
| Amd Ryzen 5 4600g | | |
| Amd Ryzen 5 4600ge Firmware | <renoirpi-fp6_1.0.0.7 | |
| Amd Ryzen 5 4600ge | | |
| Amd Ryzen 3 4300g Firmware | <renoirpi-fp6_1.0.0.7 | |
| Amd Ryzen 3 4300g | | |
| Amd Ryzen 3 4300ge Firmware | <renoirpi-fp6_1.0.0.7 | |
| Amd Ryzen 3 4300ge | | |


Frequently Asked Questions

  • What is the vulnerability ID of this issue?

    CVE-2023-20558

  • What is the severity of CVE-2023-20558?

    The severity of CVE-2023-20558 is rated as high with a CVSS score of 8.8.

  • Which software versions are affected by CVE-2023-20558?

    Amd Ryzen 7 5700g, Ryzen 5 5600g, Ryzen 3 5300g, Ryzen 9 5980hx, Ryzen 7 5825u, Ryzen 9 5900hx, and more firmware versions are affected by CVE-2023-20558.

  • How can a privileged attacker exploit CVE-2023-20558?

    A privileged attacker may exploit insufficient control flow management in AmdCpmOemSmm to tamper with the SMM handler, potentially leading to an escalation of privileges.

  • Is Amd Ryzen 7 5800h vulnerable to CVE-2023-20558?

    No, Amd Ryzen 7 5800h is not vulnerable to CVE-2023-20558.
