CVE-2023-20596

CRITICAL

SMM Supervisor - RCE

Description

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access, potentially leading to arbitrary code execution.

Scores

CVSS v3 9.8
EPSS 0.0053
EPSS Percentile 66.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (50)

amd/ryzen_7_5700g_firmware < comboam4v2_1.2.0.b
amd/ryzen_7_5700ge_firmware < comboam4v2_1.2.0.b
amd/ryzen_5_5600g_firmware < comboam4v2_1.2.0.b
amd/ryzen_5_5600ge_firmware < comboam4v2_1.2.0.b
amd/ryzen_3_5300g_firmware < comboam4v2_1.2.0.b
amd/ryzen_3_5300ge_firmware < comboam4v2_1.2.0.b
amd/ryzen_9_7950x3d_firmware < comboam5pi_1.0.8.0
amd/ryzen_9_7950x_firmware < comboam5pi_1.0.8.0
amd/ryzen_9_7900x3d_firmware < comboam5pi_1.0.8.0
amd/ryzen_9_7900_firmware < comboam5pi_1.0.8.0
amd/ryzen_9_7900x_firmware < comboam5pi_1.0.8.0
amd/ryzen_9_pro_7945_firmware < comboam5pi_1.0.8.0
amd/ryzen_7_7800x3d_firmware < comboam5pi_1.0.8.0
amd/ryzen_7_7700x_firmware < comboam5pi_1.0.8.0
amd/ryzen_7_7700_firmware < comboam5pi_1.0.8.0
... and 35 more

Timeline

Published Nov 14, 2023
Tracked Since Feb 18, 2026