CVE-2023-20594

Description

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

4.4 Medium

Impact Score:

3.6

Exploitability Score:

0.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Ryzen™ 3000 Series Desktop Processors “Matisse” not down converted

Ryzen™ 5000 Series Desktop Processors “Vermeer” not down converted

Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” not down converted

Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4 not down converted

Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT not down converted

Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 not down converted

Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 not down converted

Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 not down converted

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” not down converted

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne” not down converted

Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt" not down converted

Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R" not down converted

Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo" not down converted

Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” not down converted

3rd Gen AMD EPYC™ Processors not down converted

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Products

References

Canonical

CVE-2023-20594 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20594)

Miscellaneous

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007

Rapid7

Unknown

Unknown

Unknown

None

High

Local

CVE-2023-20594

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-20594

Unknown

Unknown

None

High

Local

CVE-2023-20594

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification