CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20564 –
https://notcve.org/view.php?id=CVE-2023-20564
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7004 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20561 –
https://notcve.org/view.php?id=CVE-2023-20561
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20556 –
https://notcve.org/view.php?id=CVE-2023-20556
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-20562 –
https://notcve.org/view.php?id=CVE-2023-20562
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. • https://github.com/zeze-zeze/HITCON-2023-Demo-CVE-2023-20562 https://github.com/passwa11/HITCON-2023-Demo-CVE-2023-20562 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7003 •
CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0CVE-2023-20555
https://notcve.org/view.php?id=CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •