CVSS: 5.5EPSS: 0%CPEs: 319EXPL: 0CVE-2023-20597
https://notcve.org/view.php?id=CVE-2023-20597
20 Sep 2023 — Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization CWE-824: Access of Uninitialized Pointer •
CVSS: 4.4EPSS: 0%CPEs: 381EXPL: 0CVE-2023-20594
https://notcve.org/view.php?id=CVE-2023-20594
20 Sep 2023 — Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0CVE-2023-20555
https://notcve.org/view.php?id=CVE-2023-20555
08 Aug 2023 — Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 244EXPL: 0CVE-2023-20589 – fTPM Voltage Fault Injection
https://notcve.org/view.php?id=CVE-2023-20589
08 Aug 2023 — An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005 •