Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-20579

Disclosure Date: February 13, 2024 •

CVE-2023-20579 CVSS v3 Base Score: 6.0

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Improper
Access Control in the AMD SPI protection feature may allow a user with Ring0
(kernel mode) privileged access to bypass protections potentially resulting in
loss of integrity and availability.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.0 Medium

Impact Score:

5.2

Exploitability Score:

0.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics various

AMD Ryzen™ 7000 Series Desktop Processor Various

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics various

AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics various

AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics various

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics various

AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics various

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics various

AMD Ryzen™ 7045 Series Mobile Processors various

AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics various

AMD Ryzen™ Embedded V2000 various

AMD Ryzen™ Embedded V3000 various

AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics various

AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics various

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Products

References

Canonical

CVE-2023-20579 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20579)

Miscellaneous

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009

Rapid7

Unknown

CVE-2023-20579

Unknown

Unknown

None

High

Local

CVE-2023-20579

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-20579

Unknown

Unknown

None

High

Local

CVE-2023-20579

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification