Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-36323

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-15 May, 2026 | 02:59
Updated At-16 May, 2026 | 03:56
Rejected At-
Credits

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:15 May, 2026 | 02:59
Updated At:16 May, 2026 | 03:56
Rejected At:
▼CVE Numbering Authority (CNA)

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 7000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • Radeon Software for Linux 24.20.3
  • AMD Software: Adrenalin Edition 25.10.2 (25.20.21.01)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W7000 Series Graphics Products
Default Status
affected
Versions
Unaffected
  • Radeon Software for Linux 24.20.3
  • AMD Software: PRO Edition 25.Q3.1 (25.10.32)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Instinct™ MI308X
Default Status
affected
Versions
Unaffected
  • ROC 6.3
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Instinct™ MI325X
Default Status
affected
Versions
Unaffected
  • ROC 6.3
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Instinct™ MI300X
Default Status
affected
Versions
Unaffected
  • ROCm 6.3
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Instinct™ MI300A
Default Status
affected
Versions
Unaffected
  • ROCm 6.3
Problem Types
TypeCWE IDDescription
N/AN/ASecurity Vulnerability
Type: N/A
CWE ID: N/A
Description: Security Vulnerability
Metrics
VersionBase scoreBase severityVector
4.08.8HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:15 May, 2026 | 05:16
Updated At:15 May, 2026 | 14:10

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.8HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.htmlpsirt@amd.com
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html
Source: psirt@amd.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2025-29939
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.88%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 19:11
Updated-10 Feb, 2026 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD EPYC™ Embedded 7003 Series ProcessorsAMD EPYC™ Embedded 9005 Series ProcessorsAMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Genoa")AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed "Bergamo")AMD EPYC™ 9004 Series ProcessorsAMD EPYC™ 7003 Series ProcessorsAMD EPYC™ 9005 Series ProcessorsAMD EPYC™ 8004 Series ProcessorsAMD EPYC™ Embedded 8004 Series Processors
CWE ID-CWE-284
Improper Access Control
CVE-2022-23829
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-8.2||HIGH
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 19:01
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ 3000 Series Desktop ProcessorsAMD EPYC™ Embedded 70033rd Gen AMD EPYC™ ProcessorsAMD RyzenTM Embedded R1000AMD Ryzen™ 4000 Series Mobile ProcessorsAMD Ryzen™ 5000 Series Desktop Processors2nd Gen AMD EPYC™ ProcessorsAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD RyzenTM Embedded V30001st Gen AMD EPYC™ ProcessorsAMD Ryzen™ 6000 Series Mobile Processors and WorkstationsAMD RyzenTM Embedded R2000AMD Ryzen™ 5000 Series Mobile ProcessorsAMD EPYC™ Embedded 3000AMD RyzenTM Embedded V2000AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-SeriesAMD RyzenTM Embedded 5000AMD RyzenTM Embedded V1000AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO ProcessorAMD EPYC (TM) Embedded 7002AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsryzen_threadripper_pro_5995wxryzen_6980hx
CWE ID-CWE-284
Improper Access Control
CVE-2023-31341
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.38%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:57
Updated-26 Feb, 2025 | 07:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-uprofμProf Toolamd_uprof
CWE ID-CWE-284
Improper Access Control
CVE-2025-0033
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 5.64%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 14:49
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD EPYC™ 7003 Series Processors (formerly codenamed "Milan")AMD EPYC™ 9005 Series Processors (formerly codenamed "Turin")
CWE ID-CWE-284
Improper Access Control
CVE-2025-0040
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 6.12%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 02:09
Updated-15 May, 2026 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers potentially resulting in loss of data integrity or confidentiality.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 8000 Series Desktop ProcessorsAMD Ryzen™ Embedded 8000 Series Processors
CWE ID-CWE-284
Improper Access Control
CVE-2022-27673
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.09%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:46
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access controls in the AMD Link Android app may potentially result in information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-amd_linkAMD Link Android
CWE ID-CWE-284
Improper Access Control
CVE-2023-31346
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-6||MEDIUM
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 19:18
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_9224epyc_9654p_firmwareepyc_7303epyc_7643_firmwareepyc_9474f_firmwareepyc_9374fepyc_9534epyc_7313pepyc_7663_firmwareepyc_9254_firmwareepyc_7203pepyc_7313p_firmwareepyc_9174f_firmwareepyc_9384x_firmwareepyc_7543p_firmwareepyc_7203p_firmwareepyc_9654_firmwareepyc_7443pepyc_9554_firmwareepyc_7763_firmwareepyc_9634epyc_9654pepyc_9454pepyc_7663epyc_8324pepyc_9124_firmwareepyc_7713epyc_7543epyc_7713_firmwareepyc_9684xepyc_7643epyc_7663p_firmwareepyc_8224pn_firmwareepyc_8434pn_firmwareepyc_9454p_firmwareepyc_7773x_firmwareepyc_7543pepyc_72f3_firmwareepyc_7573x_firmwareepyc_8534pnepyc_9374f_firmwareepyc_9274f_firmwareepyc_7343_firmwareepyc_7643pepyc_9124epyc_7573xepyc_9224_firmwareepyc_9534_firmwareepyc_7513_firmwareepyc_7763epyc_8534pepyc_8224p_firmwareepyc_7303_firmwareepyc_7513epyc_7543_firmwareepyc_7303p_firmwareepyc_8024pnepyc_7473xepyc_9184x_firmwareepyc_7453epyc_7413epyc_7443p_firmwareepyc_8224pepyc_75f3epyc_8434pepyc_9354epyc_8434pnepyc_74f3epyc_7303pepyc_9354_firmwareepyc_9474fepyc_75f3_firmwareepyc_7373x_firmwareepyc_9254epyc_9354p_firmwareepyc_9634_firmwareepyc_8024pepyc_9684x_firmwareepyc_7443epyc_9384xepyc_8024p_firmwareepyc_7203_firmwareepyc_8534p_firmwareepyc_7313_firmwareepyc_9554p_firmwareepyc_9554pepyc_72f3epyc_7643p_firmwareepyc_8224pnepyc_8124p_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_8324p_firmwareepyc_9334_firmwareepyc_74f3_firmwareepyc_9354pepyc_7473x_firmwareepyc_9174fepyc_7773xepyc_7373xepyc_73f3epyc_8434p_firmwareepyc_9274fepyc_9184xepyc_8534pn_firmwareepyc_7713pepyc_9654epyc_8324pnepyc_7663pepyc_8124pnepyc_8124pepyc_9454epyc_7343epyc_7313epyc_8324pn_firmwareepyc_9334epyc_73f3_firmwareepyc_7443_firmwareepyc_9454_firmwareepyc_8024pn_firmwareepyc_9554epyc_8124pn_firmwareepyc_7413_firmware4th Gen AMD EPYC™ Processors 3rd Gen AMD EPYC™ Processors
CWE ID-CWE-284
Improper Access Control
CVE-2021-26360
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.98%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_softwareradeon_rx_6800mradeon_rx_6500_xtradeon_pro_w6600mradeon_rx_6300mradeon_rx_6750_xtradeon_rx_6800radeon_pro_w6800radeon_rx_6900_xtradeon_rx_6600sradeon_pro_w6600radeon_rx_6650m_xtradeon_pro_w6900xradeon_pro_w6400radeon_rx_6500mradeon_rx_6800sradeon_rx_6950_xtradeon_rx_6600_xtradeon_rx_6600mradeon_rx_6700mradeon_rx_6700_xtradeon_pro_w6800x_duoradeon_pro_softwareradeon_rx_6700radeon_rx_6850m_xtradeon_rx_6700sradeon_pro_w6800xradeon_rx_6650mradeon_rx_6800_xtenterprise_driverradeon_rx_6400radeon_rx_6600radeon_pro_w6300mradeon_rx_6650_xtradeon_pro_w6600xradeon_pro_w6500mAMD Radeon RX 6000 Series & PRO W6000 Series
CWE ID-CWE-284
Improper Access Control
CVE-2021-26338
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.90%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:53
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7443_firmwareepyc_7402pepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7282_firmwareepyc_7542_firmwareepyc_7f32epyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7302epyc_7413_firmwareepyc_7h12_firmwareepyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7343_firmwareepyc_7532_firmwareepyc_7502p_firmwareepyc_7413epyc_7313pepyc_7313epyc_7663_firmwareepyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7532epyc_73f32nd Gen AMD EPYC™3rd Gen AMD EPYC™
CWE ID-CWE-284
Improper Access Control
CVE-2021-26334
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.51% / 66.52%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 15:43
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Chipset Driver Information Disclosure Vulnerability

The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsamd_uproflinux_kernelμProf Tool
CWE ID-CWE-284
Improper Access Control
CVE-2023-20579
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 19:32
Updated-14 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_7_5700geryzen_9_6900hs_firmwareryzen_3_5125cryzen_5_5600uryzen_7_pro_7840uryzen_7_5800hsryzen_7_3780uryzen_3_5300g_firmwareryzen_5_3450uryzen_9_5980hs_firmwareryzen_5_7645hx_firmwareryzen_7_7840h_firmwareryzen_3_5400u_firmwareryzen_5_5500gt_firmwareryzen_7_pro_7745ryzen_embedded_v3c14_firmwareryzen_9_7900x3dryzen_embedded_v2546ryzen_5_pro_7645_firmwareryzen_7_4700g_firmwareryzen_embedded_v3c48_firmwareryzen_7_7700x_firmwareryzen_threadripper_pro_7975wxryzen_embedded_v3c44ryzen_7_4700geryzen_9_4900hryzen_threadripper_pro_7945wx_firmwareryzen_5_7235hsryzen_5_5625cryzen_5_5560u_firmwareryzen_9_7950x_firmwareryzen_5_3580u_firmwareryzen_7_6800h_firmwareryzen_5_7535u_firmwareryzen_9_6980hx_firmwareryzen_7_4800h_firmwareryzen_5_pro_7645ryzen_9_6980hs_firmwareryzen_5_4600gryzen_5_7640hryzen_5_7520u_firmwareryzen_7_5800u_firmwareryzen_7_7735hs_firmwareryzen_5_5600hs_firmwareryzen_5_6600h_firmwareryzen_3_7335u_firmwareryzen_threadripper_pro_7985wxryzen_7_5800hs_firmwareryzen_3_3200u_firmwareryzen_threadripper_pro_7985wx_firmwareryzen_7_3700uryzen_5_5600geryzen_7_7800x3d_firmwareryzen_5_7600ryzen_5_4500uryzen_9_7940hxryzen_threadripper_7980x_firmwareryzen_9_7945hxryzen_5_4600geryzen_7_7700ryzen_3_5125c_firmwareryzen_7_7736u_firmwareryzen_3_3300u_firmwareryzen_5_pro_7640hs_firmwareryzen_9_7940hryzen_threadripper_7960x_firmwareryzen_7_5825cryzen_5_pro_7540uryzen_5_3450u_firmwareryzen_3_4300uryzen_3_5400uryzen_7_6800u_firmwareryzen_embedded_v3c16_firmwareryzen_3_3250u_firmwareryzen_5_pro_7540u_firmwareryzen_embedded_v3c44_firmwareryzen_embedded_v3c18ryzen_9_5900hs_firmwareryzen_7_7745hxryzen_5_7535uryzen_9_pro_7940hs_firmwareryzen_embedded_v2718ryzen_7_6800hsryzen_threadripper_pro_7995wxryzen_7_7435hsryzen_9_7900x_firmwareryzen_7_6800hs_firmwareryzen_3_4300g_firmwareryzen_5_3500c_firmwareryzen_7_4700uryzen_5_pro_7545u_firmwareryzen_3_5300geryzen_3_3250cryzen_5_5500gtryzen_7_3780u_firmwareryzen_7_5800h_firmwareryzen_5_7535hs_firmwareryzen_5_5625c_firmwareryzen_3_7440u_firmwareryzen_5_4600hryzen_9_6900hsryzen_7_7735h_firmwareryzen_5_7640h_firmwareryzen_3_3250uryzen_7_7745hx_firmwareryzen_7_7435hryzen_5_4600ge_firmwareryzen_embedded_v3c48ryzen_9_7845hxryzen_7_3700c_firmwareryzen_9_5900hsryzen_3_3350u_firmwareryzen_3_5425u_firmwareryzen_9_6900hx_firmwareryzen_5_pro_7545uryzen_7_5800hryzen_3_5425uryzen_5_7235hryzen_5_7235hs_firmwareryzen_7_5825u_firmwareryzen_5_7535h_firmwareryzen_7_3700cryzen_embedded_v3c16ryzen_5_5625u_firmwareryzen_5_3550hryzen_3_3350uryzen_7_3750hryzen_threadripper_7960xryzen_3_4300geryzen_7_6800uryzen_5_7645hxryzen_3_4300gryzen_5_5600gtryzen_embedded_v2516ryzen_5_7535hsryzen_5_7600x3dryzen_7_3750h_firmwareryzen_9_7945hx3dryzen_9_7940hx_firmwareryzen_5_6600uryzen_7_7840hryzen_5_5600g_firmwareryzen_7_5700gryzen_5_5625uryzen_threadripper_pro_7975wx_firmwareryzen_7_7735hryzen_5_7500fryzen_9_7945hx_firmwareryzen_9_7950xryzen_7_pro_7840hsryzen_7_pro_7840hs_firmwareryzen_5_7520uryzen_5_4600g_firmwareryzen_9_5900hx_firmwareryzen_embedded_v2718_firmwareryzen_7_5700ge_firmwareryzen_7_7735u_firmwareryzen_5_3580uryzen_9_6980hsryzen_threadripper_pro_7965wx_firmwareryzen_embedded_v2516_firmwareryzen_7_7736uryzen_7_4700gryzen_7_5825uryzen_3_5425cryzen_threadripper_pro_7995wx_firmwareryzen_3_3250c_firmwareryzen_threadripper_pro_7955wxryzen_5_5600u_firmwareryzen_5_6600hryzen_embedded_v2748_firmwareryzen_7_3700u_firmwareryzen_5_5600gryzen_embedded_v2546_firmwareryzen_threadripper_pro_7955wx_firmwareryzen_3_7320u_firmwareryzen_9_6980hxryzen_9_7845hx_firmwareryzen_7_4700u_firmwareryzen_9_7950x3dryzen_7_4800uryzen_7_7735hsryzen_9_7900ryzen_5_6600u_firmwareryzen_9_5900hxryzen_7_pro_7745_firmwareryzen_5_7500f_firmwareryzen_9_7900_firmwareryzen_5_3550h_firmwareryzen_5_5600hsryzen_9_5980hsryzen_5_3500cryzen_threadripper_7980xryzen_3_4300u_firmwareryzen_7_5700g_firmwareryzen_7_pro_7840u_firmwareryzen_3_3300uryzen_5_7535hryzen_9_4900h_firmwareryzen_3_7320uryzen_5_4600u_firmwareryzen_threadripper_7970xryzen_5_6600hs_firmwareryzen_5_7600_firmwareryzen_5_4600h_firmwareryzen_7_7735uryzen_9_7940h_firmwareryzen_7_5825c_firmwareryzen_5_5600gt_firmwareryzen_3_5300gryzen_9_7950x3d_firmwareryzen_3_4300ge_firmwareryzen_9_pro_7945ryzen_threadripper_7970x_firmwareryzen_5_pro_7640uryzen_3_7335uryzen_5_5560uryzen_embedded_v2748ryzen_5_4500u_firmwareryzen_5_4600uryzen_5_7600xryzen_5_3500uryzen_threadripper_pro_7945wxryzen_5_5600hryzen_9_7900xryzen_5_pro_7640u_firmwareryzen_7_7700xryzen_5_5600h_firmwareryzen_7_6800hryzen_5_pro_7640hsryzen_9_pro_7940hsryzen_7_7435hs_firmwareryzen_3_3200uryzen_7_4800hryzen_5_7600x3d_firmwareryzen_9_7945hx3d_firmwareryzen_9_6900hxryzen_threadripper_pro_7965wxryzen_5_7600x_firmwareryzen_3_5425c_firmwareryzen_9_pro_7945_firmwareryzen_embedded_v3c18_firmwareryzen_5_5600ge_firmwareryzen_7_4700ge_firmwareryzen_9_5980hxryzen_7_7800x3dryzen_embedded_v3c14ryzen_5_6600hsryzen_5_7235h_firmwareryzen_3_5300ge_firmwareryzen_9_5980hx_firmwareryzen_7_4800u_firmwareryzen_7_7700_firmwareryzen_9_7900x3d_firmwareryzen_7_5800uryzen_5_3500u_firmwareryzen_3_7440uryzen_7_7435h_firmwareAMD Ryzen™ 7045 Series Mobile Processors AMD Ryzen™ 7000 Series Desktop Processor AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics AMD Ryzen™ Embedded V3000AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics AMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ Embedded V2000AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics AMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics
CWE ID-CWE-284
Improper Access Control
CVE-2023-20587
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.1||HIGH
EPSS-0.03% / 10.45%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 19:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-4th Gen AMD EPYC™ Processors3rd Gen AMD EPYC™ ProcessorsAMD EPYC(TM) Embedded 7003AMD EPYC(TM) Embedded 90032nd Gen AMD EPYC™ Processors1st Gen AMD EPYC™ ProcessorsAMD EPYC(TM) Embedded 7002 AMD EPYC(TM) Embedded 3000
CWE ID-CWE-284
Improper Access Control
Details not found