CVE-2023-20578
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Aug 13, 2024
Updated: Oct 2, 2024
CWE ID 367
Summary
CVE-2023-20578 is a Time-Of-Check-Time-Of-Use (TOCTOU) vulnerability in System Management Mode (SMM). An attacker with ring0 privileges and access to the BIOS menu or UEFI shell can exploit this flaw to modify the communications buffer in SMM, which could lead to arbitrary code execution. The issue underscores the importance of securing low-level system components and updating firmware regularly to mitigate such vulnerabilities.
Affected Products
- Advanced Micro Devices (AMD) EPYC 75F3 FIRMWARE
- Advanced Micro Devices (AMD) EPYC 7343 FIRMWARE
- Advanced Micro Devices (AMD) EPYC 7513 FIRMWARE
- Advanced Micro Devices (AMD) EPYC 74F3 FIRMWARE
- Advanced Micro Devices (AMD) EPYC 7643 FIRMWARE
Affected Vendors
- Advanced Micro Devices
- amd