CVE-2023-20563

HIGH

AMD Ryzen 3/5/7 Firmware < comboam4v2_1.2.0.b or < comboam5_1.0.7.0 - Privilege Escalation via SMM

Title source: llm

Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access.

Core 2

Core References

Vendor Advisory vendor-advisory

Vendor Advisory vendor-advisory

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-269

Status published

Products (50)

amd/ryzen_3_5100_firmware < comboam4v2_1.2.0.b

amd/ryzen_3_5125c_firmware < cezannepi-fp6_1.0.0.f

amd/ryzen_3_5300g_firmware < comboam4v2_1.2.0.b

amd/ryzen_3_5300ge_firmware < comboam4v2_1.2.0.b

amd/ryzen_3_5400u_firmware < cezannepi-fp6_1.0.0.f

amd/ryzen_3_5425u_firmware < cezannepi-fp6_1.0.0.f

amd/ryzen_3_7335u_firmware < rembrandtpi-fp7_1.0.0.9

amd/ryzen_3_pro_7330u_firmware < cezannepi-fp6_1.0.0.f

amd/ryzen_3_pro_7440u_firmware < phoenixpi-fp8-fp7_pi_1.0.0.1g

amd/ryzen_5_5500_firmware < comboam4v2_1.2.0.b

... and 40 more

Published Nov 14, 2023

Tracked Since Feb 18, 2026