ГлавнаяУязвимости → CVE-2023-20578
7.5высокая

CVE-2023-20578

Описание

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Затрагиваемое ПО
Amd Epyc 8024pn firmwareAmd Epyc 8024pnAmd Epyc 8024p firmwareAmd Epyc 8024pAmd Epyc 8124pn firmwareAmd Epyc 8124pnAmd Epyc 8124p firmwareAmd Epyc 8124pAmd Epyc 8224pn firmwareAmd Epyc 8224pnAmd Epyc 8224p firmwareAmd Epyc 8224pAmd Epyc 8324pn firmwareAmd Epyc 8324pnAmd Epyc 8324p firmwareAmd Epyc 8324pAmd Epyc 8434pn firmwareAmd Epyc 8434pnAmd Epyc 8434p firmwareAmd Epyc 8434pAmd Epyc 8534pn firmwareAmd Epyc 8534pnAmd Epyc 8534p firmwareAmd Epyc 8534pAmd Epyc 9734 firmware
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Источники
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html