Vulnerabilities > CVE-2023-20555 - Out-of-bounds Write vulnerability in AMD products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
amd
CWE-787

Summary

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Vulnerable Configurations

Part Description Count
OS
Amd
306
Hardware
Amd
119

Common Weakness Enumeration (CWE)