A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
History
Thu, 15 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Amd epyc Embedded 3000
Amd epyc Embedded 7002 Amd epyc Embedded 7003 Amd epyc Embedded 9003 Amd ryzen Embedded 7000 Amd ryzen Embedded V3000 |
|
CPEs | cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:* cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:* cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:* cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:* cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:* cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Amd ryzen
|
Amd epyc Embedded 3000
Amd epyc Embedded 7002 Amd epyc Embedded 7003 Amd epyc Embedded 9003 Amd ryzen Embedded 7000 Amd ryzen Embedded V3000 |
Thu, 15 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Amd
Amd epyc 7001 Amd epyc 7002 Amd epyc 9004 Amd ryzen |
|
CPEs | cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:* cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Amd
Amd epyc 7001 Amd epyc 7002 Amd epyc 9004 Amd ryzen |
|
Metrics |
ssvc
|
Tue, 13 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: AMD
Published: 2024-08-13T16:52:58.457Z
Updated: 2024-08-15T18:08:38.953Z
Reserved: 2022-10-27T18:53:39.757Z
Link: CVE-2023-20578
Vulnrichment
Updated: 2024-08-15T16:05:38.025Z
NVD
Status: Awaiting Analysis
Published: 2024-08-13T17:15:19.510
Modified: 2024-08-14T02:07:05.410
Link: CVE-2023-20578
Redhat
No data.