CVE-2023-20530

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7003:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:epyc_72f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_72f3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:epyc_7313_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:epyc_7313p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7313p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:epyc_7343_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7343:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:epyc_7373x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7373x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:epyc_73f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_73f3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:epyc_7413_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7413:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:epyc_7443_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:epyc_7443p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7443p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:epyc_7453_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7453:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:epyc_74f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_74f3:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:epyc_7513_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7513:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:epyc_7543_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:epyc_7543p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7543p:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:epyc_7573x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7573x:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:epyc_75f3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_75f3:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:epyc_7643_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7643:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:epyc_7663_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7663:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:epyc_7713_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:epyc_7713p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7713p:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:epyc_7743_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7743:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:epyc_7763_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7763:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:amd:epyc_7773x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7773x:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:06

Type	Values Removed	Values Added
Summary	~~Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.~~	Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

20 Jan 2023, 17:56

Type	Values Removed	Values Added
References	~~(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 -~~	(MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 - Vendor Advisory
CPE		cpe:2.3:h:amd:epyc_7713:-:::::::* cpe:2.3:h:amd:epyc_72f3:-:::::::* cpe:2.3:o:amd:epyc_7443_firmware:::::::: cpe:2.3:h:amd:epyc_7453:-:::::::* cpe:2.3:o:amd:epyc_7643_firmware:::::::: cpe:2.3:o:amd:epyc_7313p_firmware:::::::: cpe:2.3:h:amd:epyc_7513:-:::::::* cpe:2.3:h:amd:epyc_75f3:-:::::::* cpe:2.3:o:amd:epyc_7343_firmware:::::::: cpe:2.3:h:amd:epyc_7743:-:::::::* cpe:2.3:o:amd:epyc_74f3_firmware:::::::: cpe:2.3:h:amd:epyc_7713p:-:::::::* cpe:2.3:h:amd:epyc_7443:-:::::::* cpe:2.3:o:amd:epyc_7713_firmware:::::::: cpe:2.3:o:amd:epyc_7443p_firmware:::::::: cpe:2.3:h:amd:epyc_7773x:-:::::::* cpe:2.3:h:amd:epyc_7543p:-:::::::* cpe:2.3:o:amd:epyc_73f3_firmware:::::::: cpe:2.3:o:amd:epyc_7373x_firmware:::::::: cpe:2.3:o:amd:epyc_7543p_firmware:::::::: cpe:2.3:h:amd:epyc_7443p:-:::::::* cpe:2.3:o:amd:epyc_7413_firmware:::::::: cpe:2.3:o:amd:epyc_7573x_firmware:::::::: cpe:2.3:o:amd:epyc_7743_firmware:::::::: cpe:2.3:o:amd:epyc_7773x_firmware:::::::: cpe:2.3:o:amd:epyc_7513_firmware:::::::: cpe:2.3:h:amd:epyc_7543:-:::::::* cpe:2.3:h:amd:epyc_7643:-:::::::* cpe:2.3:o:amd:epyc_7663_firmware:::::::: cpe:2.3:h:amd:epyc_7373x:-:::::::* cpe:2.3:o:amd:epyc_7313_firmware:::::::: cpe:2.3:h:amd:epyc_74f3:-:::::::* cpe:2.3:o:amd:epyc_75f3_firmware:::::::: cpe:2.3:o:amd:epyc_7713p_firmware:::::::: cpe:2.3:o:amd:epyc_72f3_firmware:::::::: cpe:2.3:o:amd:epyc_7003_firmware:::::::: cpe:2.3:h:amd:epyc_7003:-:::::::* cpe:2.3:h:amd:epyc_7763:-:::::::* cpe:2.3:o:amd:epyc_7453_firmware:::::::: cpe:2.3:h:amd:epyc_7663:-:::::::* cpe:2.3:o:amd:epyc_7763_firmware:::::::: cpe:2.3:h:amd:epyc_7573x:-:::::::* cpe:2.3:h:amd:epyc_7343:-:::::::* cpe:2.3:h:amd:epyc_7413:-:::::::* cpe:2.3:h:amd:epyc_73f3:-:::::::* cpe:2.3:o:amd:epyc_7543_firmware:::::::: cpe:2.3:h:amd:epyc_7313p:-:::::::* cpe:2.3:h:amd:epyc_7313:-:::::::*
CWE		CWE-20
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Amd epyc 7713 Firmware Amd epyc 7573x Firmware Amd epyc 7573x Amd epyc 73f3 Firmware Amd epyc 7773x Firmware Amd epyc 7513 Firmware Amd epyc 7443p Amd epyc 7543 Amd epyc 75f3 Amd epyc 7313 Firmware Amd epyc 7743 Amd epyc 7313p Firmware Amd epyc 7413 Firmware Amd epyc 7373x Firmware Amd epyc 72f3 Firmware Amd epyc 75f3 Firmware Amd epyc 7373x Amd epyc 7663 Firmware Amd epyc 7513 Amd epyc 7713p Amd epyc 7763 Firmware Amd epyc 72f3 Amd epyc 7543 Firmware Amd epyc 7643 Firmware Amd epyc 7413 Amd epyc 7343 Firmware Amd epyc 7643 Amd Amd epyc 7713 Amd epyc 7713p Firmware Amd epyc 7003 Firmware Amd epyc 7313p Amd epyc 7453 Amd epyc 7543p Firmware Amd epyc 7443p Firmware Amd epyc 7773x Amd epyc 7003 Amd epyc 7743 Firmware Amd epyc 7313 Amd epyc 7343 Amd epyc 7763 Amd epyc 7663 Amd epyc 73f3 Amd epyc 74f3 Amd epyc 7453 Firmware Amd epyc 74f3 Firmware Amd epyc 7443 Firmware Amd epyc 7543p Amd epyc 7443

11 Jan 2023, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-11 08:15

Updated : 2023-12-10 14:48

NVD link : CVE-2023-20530

Mitre link : CVE-2023-20530

CVE.ORG link : CVE-2023-20530

JSON object : View

Products Affected

amd

epyc_7443_firmware
epyc_7373x_firmware
epyc_7543_firmware
epyc_73f3_firmware
epyc_7763_firmware
epyc_7643_firmware
epyc_7643
epyc_7543
epyc_7443
epyc_75f3
epyc_7713_firmware
epyc_7543p_firmware
epyc_7743_firmware
epyc_7773x_firmware
epyc_7543p
epyc_7713p
epyc_7513
epyc_7713
epyc_74f3_firmware
epyc_7763
epyc_7663_firmware
epyc_7413_firmware
epyc_7573x
epyc_7663
epyc_7573x_firmware
epyc_7413
epyc_7453_firmware
epyc_73f3
epyc_7343_firmware
epyc_7513_firmware
epyc_72f3_firmware
epyc_7343
epyc_7453
epyc_7773x
epyc_7313p
epyc_75f3_firmware
epyc_7443p
epyc_7373x
epyc_72f3
epyc_7313_firmware
epyc_7313p_firmware
epyc_7743
epyc_7313
epyc_7443p_firmware
epyc_7003
epyc_7713p_firmware
epyc_74f3
epyc_7003_firmware

CWE

CWE-20

Improper Input Validation

7.5 /10