#VU79242 Buffer overflow in AMD products - CVE-2023-20555

Vulnerability identifier: #VU79242

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-20555

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
AMD Ryzen 3000 Series Desktop processors
AMD Ryzen 5000 Series Desktop Processors
AMD Ryzen 5000 Series Desktop processor with Radeon graphics
AMD Ryzen 7000 Series Processors
AMD Athlon 3000 Series Desktop Processors with Radeon Graphics
AMD Ryzen 4000 Series Desktop processors with Radeon graphics
AMD Athlon 3000 Series Mobile processors with Radeon Graphics
AMD Ryzen 3000 Series Mobile Processors with Radeon Graphics
AMD Ryzen 4000 Series Mobile processors with Radeon graphics
AMD Ryzen 5000 Series Mobile processors with Radeon graphics
AMD Ryzen 6000 Series Mobile Processors
AMD Ryzen 7030 Series Mobile Processors
AMD Ryzen 7020 Series Mobile Processors

Software vendor:
AMD

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the CpmDisplayFeatureSmm in SMM driver. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Install updates from vendor's website.

• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4003.html