{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20579", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-10-27T18:53:39.757Z", "datePublished": "2024-02-13T19:32:11.904Z", "dateUpdated": "2024-08-02T09:05:36.910Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ", "vendor": "AMD", "versions": [{"status": "affected", "version": "Various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various "}]}, {"defaultStatus": "unaffected", "packageName": "PI", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "packageName": "PI", "platforms": ["x86"], "product": "AMD Ryzen\u2122 Embedded V3000", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "platforms": ["x86"], "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "platforms": ["x86"], "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "unaffected", "platforms": ["x86"], "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}], "datePublic": "2024-02-13T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<br>"}], "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-02-13T19:32:11.904Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"}], "source": {"advisory": "AMD-SB-7009", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20579", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-14T15:53:23.792810Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:20:09.206Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.910Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.910Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20579", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-14T15:53:23.792810Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.379Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"advisory": "AMD-SB-7009", "discovery": "UNKNOWN"}, "affected": [{"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ", "versions": [{"status": "affected", "version": "Various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ", "versions": [{"status": "affected", "version": "various "}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various"}], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V2000", "versions": [{"status": "affected", "version": "various"}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V3000", "versions": [{"status": "affected", "version": "various"}], "platforms": ["x86"], "packageName": "PI", "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various"}], "platforms": ["x86"], "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ", "versions": [{"status": "affected", "version": "various"}], "platforms": ["x86"], "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "affected", "version": "various"}], "platforms": ["x86"], "defaultStatus": "unaffected"}], "datePublic": "2024-02-13T17:00:00.000Z", "references": [{"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<br>", "base64": false}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-02-13T19:32:11.904Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20579", "state": "PUBLISHED", "dateUpdated": "2024-08-02T09:05:36.910Z", "dateReserved": "2022-10-27T18:53:39.757Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2024-02-13T19:32:11.904Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Un control de acceso inadecuado en la funci\u00f3n de protecci\u00f3n AMD SPI puede permitir que un usuario con acceso privilegiado Ring0 (modo kernel) evite las protecciones, lo que podr\u00eda provocar una p\u00e9rdida de integridad y disponibilidad."}], "id": "CVE-2023-20579", "lastModified": "2024-02-14T13:59:35.580", "metrics": {}, "published": "2024-02-13T20:15:52.577", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "hw: amd: SPI bypass", "id": "2263394", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263394"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-284", "details": ["Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.", "A vulnerability was found in AMD hardware due to improper access control in the AMD SPI protection feature. This issue may allow a local user with Ring0 (kernel mode) privileged access to bypass protections, potentially resulting in loss of integrity and availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-20579", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-20579\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20579\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html"], "statement": "The PSP and AEGIS vulnerabilities necessitate a BIOS update, as they are not inherent to the CPU and cannot be addressed through CPU microcode updates. This requires a UEFI firmware update from the device vendor, distinct from updates in the linux-firmware package. Therefore, linux-firmware on Red Hat Enterprise Linux is marked as not affected.", "threat_severity": "Important"}