Back to Security Bulletins

SMM Memory Corruption Vulnerability

Bulletin ID: AMD-SB-4003
Potential Impact: Arbitrary Code Execution
Severity: High

Summary

SMM memory corruption vulnerability in SMM driver on some AMD Processors.

CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

CVE Details

CVE

Severity

CVE Description

CVE-2023-20555

High

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Mitigation

The AGESA™ firmware versions listed below have been released to the Original Equipment Manufacturers (OEM) to mitigate these issues. Please refer to your OEM for the BIOS update specific to your product.

Desktop

CVE

AMD Ryzen™ 3000 Series Desktop Processors
“Matisse” AM4

AMD Ryzen™ 5000 Series Desktop Processors
“Vermeer” AM4

AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
“Cezanne” AM4

AMD Ryzen™ 7000 Series Processors
“Raphael”

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
“Picasso”

AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
“Renoir” FP5

CVE-2023-20555

 

ComboAM4 PI V1 1.0.0.A
(2023-03-17)

ComboAM4V2 PI 1.2.0.A
(2023-03-21)

ComboAM4 V2 PI 1.2.0.A
(2023-03-21)

ComboAM4v2 PI
1.2.0.A
(2023-03-21)

ComboAM5
1.0.0.6
(2023-02-24)

ComboAM4PIv1
1.0.0.A
(2023-3-17)

ComboAM4V2
1.2.0.A
(2023-03-21)

ComboAM4V2
1.2.0.A
(2023-03-21)

High End Desktop (HEDT)

CVE

AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”

AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT

CVE-2023-20555

Not affected

Not affected

Workstation

CVE

AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
“Castle Peak” WS SP3

AMD Ryzen™ Threadripper™ PRO Processors
“Chagall” WS

CVE-2023-20555

Not affected

Not affected

Mobile - AMD Athlon™ Series

CVE

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
“Dali”/”Dali” FP5

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics 
“Pollock”

CVE-2023-20555

PicassoPI-FP5
1.0.0.F
(2023-03-23)

PollockPI-FT5
1.0.0.5
(2023-03-23)

Mobile - AMD Ryzen™ Series

CVE

AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics
“Picasso”

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
“Renoir” FP6

 AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
“Lucienne”		 AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
“Cezanne”

CVE-2023-20555

PicassoPI-FP5
1.0.0.F
(2023-03-23)

ComboAM4PIv1
1.0.0.A
(2023-03-17)

ComboAM4V2
1.2.0.A
(2023-03-21)

RenoirPI-FP6
1.0.0.B
(2023-2-10)

ComboAM4V2
1.2.0.A
(2023-03-21)

 CezannePI-FP6
1.0.0.E
(2023-03-19)		 CezannePI-FP6
1.0.0.E
(2023-03-19)

 

CVE

AMD Ryzen™ 6000 Series Mobile Processors
"Rembrandt"

AMD Ryzen™ 7030 Series Mobile Processors
“Barcelo”

 AMD Ryzen™ 7020 Series Mobile Processors
“Mendocino”

CVE-2023-20555

 RembrandtPI-FP7
1.0.0.8
(2023-03-01)		 CezannePI-FP6
1.0.0.E
(2023-03-19)		 MendocinoPI-FT6
1.0.0.5
(2023-03-09)

Embedded

CVE

AMD Ryzen Embedded R1000

AMD Ryzen™ Embedded R2000

 AMD Ryzen™ Embedded 5000

CVE-2023-20555

 EmbeddedPI-FP5 
1.2.0.A
(2023-07-31)		 EmbeddedPI-FP5 
1.0.0.2
(2023-07-31) 		 EmbAM4PI 
1.0.0.3
(2023-07-31) 

 

CVE

AMD Ryzen™ Embedded R1000

AMD Ryzen™ Embedded R2000

 AMD Ryzen™ Embedded 5000

CVE-2023-20555

 All V1000 OPNs
excluding
YE1500C4T4MFH 		 YE1500C4T4MFH   EmbeddedPI-FP6
1.0.0.8
(2023-07-31)		 EmbeddedPI-FP7r2
1.0.0.5
(2023-07-28)
EmbeddedPI-FP5
1.2.0.B
(2024-01-15)

 

Acknowledgement

AMD thanks the Binarly efiXplorer team for reporting this issue and engaging in coordinated vulnerability disclosure.

 

Revisions

Revision Date Description
01/16/2024 Added Embedded processors.
08/08/2023 Initial publication.

DISCLAIMER

The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.

AMD, the AMD Arrow logo, Athlon, EPYC, Radeon, Ryzen and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD PARTY CONTENT.

© 2023 Advanced Micro Devices, Inc. All rights reserved.