CVE-2023-20533

Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H
AMDCNA
6.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
amdryzen_9_3950x_firmware
-
amdryzen_9_3900xt_firmware
-
amdryzen_9_3900x_firmware
-
amdryzen_9_3900_firmware
-
amdryzen_7_3800xt_firmware
-
amdryzen_7_3800x_firmware
-
amdryzen_7_3700x_firmware
-
amdryzen_5_3600xt_firmware
-
amdryzen_5_3600x_firmware
-
amdryzen_5_3600_firmware
-
amdryzen_5_3500x_firmware
-
amdryzen_5_3500_firmware
-
amdryzen_3_3300x_firmware
-
amdryzen_3_3100_firmware
-
amdryzen_threadripper_pro_3945wx_firmware
-
amdryzen_threadripper_pro_3955wx_firmware
-
amdryzen_threadripper_pro_3975wx_firmware
-
amdryzen_threadripper_pro_3995wx_firmware
-
𝑥
= Vulnerable software versions
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001