CVE-2023-20579

Description

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

AMD / AMD Ryzen™ 3000 Series Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 5000 Series Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 6000 Series Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 7000 Series Desktop ProcessorVarious – Various
AMD / AMD Ryzen™ 7020 Series Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphicsvarious – various
AMD / AMD Ryzen™ 7045 Series Mobile Processorsvarious – various
AMD / AMD Ryzen™Embedded V2000various – various
AMD / AMD Ryzen™Embedded V3000various – various

References

MISChttps://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009