CVE-2023-20579
MEDIUMAMD Ryzen 5000/7000 Series Firmware - Improper Access Control in SPI Protection Feature
Title source: llmDescription
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009
Scores
CVSS v3
6.0
EPSS
0.0001
EPSS Percentile
0.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (50)
amd/ryzen_3_3200u_firmware
< cezannepi-fp6_1.0.1.0
amd/ryzen_3_3250c_firmware
< cezannepi-fp6_1.0.1.0
amd/ryzen_3_3250u_firmware
< cezannepi-fp6_1.0.1.0
amd/ryzen_3_3300u_firmware
< cezannepi-fp6_1.0.1.0
amd/ryzen_3_3350u_firmware
< cezannepi-fp6_1.0.1.0
amd/ryzen_3_4300g_firmware
< comboam4v2pi_1.2.0.c
amd/ryzen_3_4300ge_firmware
< comboam4v2pi_1.2.0.c
amd/ryzen_3_4300u_firmware
< renoirpi-fp6_1.0.0.d
amd/ryzen_3_5125c_firmware
< cezannepi-fp6_1.0.1.0
amd/ryzen_3_5300g_firmware
< comboam4v2pi_1.2.0.c
... and 40 more
Published
Feb 13, 2024
Tracked Since
Feb 18, 2026