CVE-2023-20558

8.8 HIGH

📋 TL;DR

This vulnerability in AMD's CPM OEM SMM (System Management Mode) firmware allows a privileged attacker to manipulate control flow and tamper with SMM handlers. This could lead to escalation of privileges from ring 0 (kernel) to ring -2 (SMM), giving attackers full system control. It affects systems with vulnerable AMD processors and firmware.

💻 Affected Systems

Products:

• AMD Ryzen processors with CPM firmware

Versions: Specific firmware versions not publicly detailed in advisory

Operating Systems: All operating systems running on affected hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local privileged access to exploit; affects systems with vulnerable AMD CPM firmware versions

📦 What is this software?

Athlon Gold 3150u Firmware by Amd

View all CVEs affecting Athlon Gold 3150u Firmware →

Athlon Silver 3050u Firmware by Amd

View all CVEs affecting Athlon Silver 3050u Firmware →

Ryzen 3 2200u Firmware by Amd

View all CVEs affecting Ryzen 3 2200u Firmware →

Ryzen 3 2300u Firmware by Amd

View all CVEs affecting Ryzen 3 2300u Firmware →

Ryzen 3 3200u Firmware by Amd

View all CVEs affecting Ryzen 3 3200u Firmware →

Ryzen 3 3250u Firmware by Amd

View all CVEs affecting Ryzen 3 3250u Firmware →

Ryzen 3 3300u Firmware by Amd

View all CVEs affecting Ryzen 3 3300u Firmware →

Ryzen 3 3300x Firmware by Amd

View all CVEs affecting Ryzen 3 3300x Firmware →

Ryzen 3 3350u Firmware by Amd

View all CVEs affecting Ryzen 3 3350u Firmware →

Ryzen 3 3450u Firmware by Amd

View all CVEs affecting Ryzen 3 3450u Firmware →

Ryzen 3 3500c Firmware by Amd

View all CVEs affecting Ryzen 3 3500c Firmware →

Ryzen 3 3500u Firmware by Amd

View all CVEs affecting Ryzen 3 3500u Firmware →

Ryzen 3 3550h Firmware by Amd

View all CVEs affecting Ryzen 3 3550h Firmware →

Ryzen 3 3580u Firmware by Amd

View all CVEs affecting Ryzen 3 3580u Firmware →

Ryzen 3 3700c Firmware by Amd

View all CVEs affecting Ryzen 3 3700c Firmware →

Ryzen 3 3700u Firmware by Amd

View all CVEs affecting Ryzen 3 3700u Firmware →

Ryzen 3 3750h Firmware by Amd

View all CVEs affecting Ryzen 3 3750h Firmware →

Ryzen 3 3780u Firmware by Amd

View all CVEs affecting Ryzen 3 3780u Firmware →

Ryzen 3 4300g Firmware by Amd

View all CVEs affecting Ryzen 3 4300g Firmware →

Ryzen 3 4300ge Firmware by Amd

View all CVEs affecting Ryzen 3 4300ge Firmware →

Ryzen 3 5125c Firmware by Amd

View all CVEs affecting Ryzen 3 5125c Firmware →

Ryzen 3 5300g Firmware by Amd

View all CVEs affecting Ryzen 3 5300g Firmware →

Ryzen 3 5300ge Firmware by Amd

View all CVEs affecting Ryzen 3 5300ge Firmware →

Ryzen 3 5400u Firmware by Amd

View all CVEs affecting Ryzen 3 5400u Firmware →

Ryzen 3 5425c Firmware by Amd

View all CVEs affecting Ryzen 3 5425c Firmware →

Ryzen 3 5425u Firmware by Amd

View all CVEs affecting Ryzen 3 5425u Firmware →

Ryzen 5 2500u Firmware by Amd

View all CVEs affecting Ryzen 5 2500u Firmware →

Ryzen 5 2600 Firmware by Amd

View all CVEs affecting Ryzen 5 2600 Firmware →

Ryzen 5 2600h Firmware by Amd

View all CVEs affecting Ryzen 5 2600h Firmware →

Ryzen 5 2600x Firmware by Amd

View all CVEs affecting Ryzen 5 2600x Firmware →

Ryzen 5 2700 Firmware by Amd

View all CVEs affecting Ryzen 5 2700 Firmware →

Ryzen 5 2700x Firmware by Amd

View all CVEs affecting Ryzen 5 2700x Firmware →

Ryzen 5 3500 Firmware by Amd

View all CVEs affecting Ryzen 5 3500 Firmware →

Ryzen 5 3500x Firmware by Amd

View all CVEs affecting Ryzen 5 3500x Firmware →

Ryzen 5 3600 Firmware by Amd

View all CVEs affecting Ryzen 5 3600 Firmware →

Ryzen 5 3600x Firmware by Amd

View all CVEs affecting Ryzen 5 3600x Firmware →

Ryzen 5 3600xt Firmware by Amd

View all CVEs affecting Ryzen 5 3600xt Firmware →

Ryzen 5 4600g Firmware by Amd

View all CVEs affecting Ryzen 5 4600g Firmware →

Ryzen 5 4600ge Firmware by Amd

View all CVEs affecting Ryzen 5 4600ge Firmware →

Ryzen 5 5560u Firmware by Amd

View all CVEs affecting Ryzen 5 5560u Firmware →

Ryzen 5 5600g Firmware by Amd

View all CVEs affecting Ryzen 5 5600g Firmware →

Ryzen 5 5600ge Firmware by Amd

View all CVEs affecting Ryzen 5 5600ge Firmware →

Ryzen 5 5600h Firmware by Amd

View all CVEs affecting Ryzen 5 5600h Firmware →

Ryzen 5 5600hs Firmware by Amd

View all CVEs affecting Ryzen 5 5600hs Firmware →

Ryzen 5 5600u Firmware by Amd

View all CVEs affecting Ryzen 5 5600u Firmware →

Ryzen 5 5625c Firmware by Amd

View all CVEs affecting Ryzen 5 5625c Firmware →

Ryzen 5 5625u Firmware by Amd

View all CVEs affecting Ryzen 5 5625u Firmware →

Ryzen 7 2700 Firmware by Amd

View all CVEs affecting Ryzen 7 2700 Firmware →

Ryzen 7 2700u Firmware by Amd

View all CVEs affecting Ryzen 7 2700u Firmware →

Ryzen 7 2700x Firmware by Amd

View all CVEs affecting Ryzen 7 2700x Firmware →

Ryzen 7 2800h Firmware by Amd

View all CVEs affecting Ryzen 7 2800h Firmware →

Ryzen 7 3700x Firmware by Amd

View all CVEs affecting Ryzen 7 3700x Firmware →

Ryzen 7 3800x Firmware by Amd

View all CVEs affecting Ryzen 7 3800x Firmware →

Ryzen 7 3800xt Firmware by Amd

View all CVEs affecting Ryzen 7 3800xt Firmware →

Ryzen 7 4700g Firmware by Amd

View all CVEs affecting Ryzen 7 4700g Firmware →

Ryzen 7 4700ge Firmware by Amd

View all CVEs affecting Ryzen 7 4700ge Firmware →

Ryzen 7 5700g Firmware by Amd

View all CVEs affecting Ryzen 7 5700g Firmware →

Ryzen 7 5700ge Firmware by Amd

View all CVEs affecting Ryzen 7 5700ge Firmware →

Ryzen 7 5800h Firmware by Amd

View all CVEs affecting Ryzen 7 5800h Firmware →

Ryzen 7 5800hs Firmware by Amd

View all CVEs affecting Ryzen 7 5800hs Firmware →

Ryzen 7 5800u Firmware by Amd

View all CVEs affecting Ryzen 7 5800u Firmware →

Ryzen 7 5825c Firmware by Amd

View all CVEs affecting Ryzen 7 5825c Firmware →

Ryzen 7 5825u Firmware by Amd

View all CVEs affecting Ryzen 7 5825u Firmware →

Ryzen 9 3900 Firmware by Amd

View all CVEs affecting Ryzen 9 3900 Firmware →

Ryzen 9 3900x Firmware by Amd

View all CVEs affecting Ryzen 9 3900x Firmware →

Ryzen 9 3900xt Firmware by Amd

View all CVEs affecting Ryzen 9 3900xt Firmware →

Ryzen 9 3950x Firmware by Amd

View all CVEs affecting Ryzen 9 3950x Firmware →

Ryzen 9 5900hs Firmware by Amd

View all CVEs affecting Ryzen 9 5900hs Firmware →

Ryzen 9 5900hx Firmware by Amd

View all CVEs affecting Ryzen 9 5900hx Firmware →

Ryzen 9 5980hs Firmware by Amd

View all CVEs affecting Ryzen 9 5980hs Firmware →

Ryzen 9 5980hx Firmware by Amd

View all CVEs affecting Ryzen 9 5980hx Firmware →

Ryzen 9 Pro 3900 Firmware by Amd

View all CVEs affecting Ryzen 9 Pro 3900 Firmware →

Ryzen Threadripper 2920x Firmware by Amd

View all CVEs affecting Ryzen Threadripper 2920x Firmware →

Ryzen Threadripper 2950x Firmware by Amd

View all CVEs affecting Ryzen Threadripper 2950x Firmware →

Ryzen Threadripper 2970wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper 2970wx Firmware →

Ryzen Threadripper 2990wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper 2990wx Firmware →

Ryzen Threadripper 3960x Firmware by Amd

View all CVEs affecting Ryzen Threadripper 3960x Firmware →

Ryzen Threadripper 3970x Firmware by Amd

View all CVEs affecting Ryzen Threadripper 3970x Firmware →

Ryzen Threadripper 3990x Firmware by Amd

View all CVEs affecting Ryzen Threadripper 3990x Firmware →

Ryzen Threadripper Pro 3795wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 3795wx Firmware →

Ryzen Threadripper Pro 3945wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 3945wx Firmware →

Ryzen Threadripper Pro 3955wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 3955wx Firmware →

Ryzen Threadripper Pro 3975wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 3975wx Firmware →

Ryzen Threadripper Pro 3995wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 3995wx Firmware →

Ryzen Threadripper Pro 5945wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 5945wx Firmware →

Ryzen Threadripper Pro 5955wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 5955wx Firmware →

Ryzen Threadripper Pro 5965wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 5965wx Firmware →

Ryzen Threadripper Pro 5975wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 5975wx Firmware →

Ryzen Threadripper Pro 5995wx Firmware by Amd

View all CVEs affecting Ryzen Threadripper Pro 5995wx Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with persistent firmware-level backdoor installation, allowing attackers to bypass all security controls including secure boot and hypervisors.

🟠

Likely Case

Privileged attacker (local administrator or compromised kernel) gains SMM-level access to read/write protected memory, install persistent malware, or disable security features.

🟢

If Mitigated

Attack limited to kernel-level access without SMM escalation if proper firmware updates are applied and SMM protections are enabled.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires privileged local access and detailed knowledge of AMD firmware internals; no public exploits known

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to AMD advisory for specific firmware versions

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html

Restart Required: Yes

Instructions:

1. Check system manufacturer's website for BIOS/UEFI firmware updates 2. Download appropriate firmware for your system model 3. Follow manufacturer's firmware update instructions carefully 4. Reboot system to apply update

🔧 Temporary Workarounds

Restrict local administrative access

all

Limit number of users with local administrative privileges to reduce attack surface

Enable SMM protection features

all

Enable SMM protection settings in BIOS/UEFI if available

🧯 If You Can't Patch

• Implement strict access controls to limit local administrative privileges
• Monitor for suspicious SMM-related activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Copy

Check BIOS/UEFI firmware version against AMD advisory; use manufacturer's system information tools

Check Version:

Copy

wmic bios get smbiosbiosversion (Windows) or dmidecode -t bios (Linux)

Verify Fix Applied:

Copy

Verify firmware version has been updated to patched version; check system logs for successful firmware update

📡 Detection & Monitoring

Log Indicators:

• Unexpected firmware modification attempts
• SMM handler access from non-SMM code
• Privilege escalation attempts

Network Indicators:

• None - this is a local privilege escalation vulnerability

SIEM Query:

Copy

Search for: firmware modification events, SMM access violations, or unexpected privilege changes

📊 Metadata

CVE ID: CVE-2023-20558

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-670

Published: April 2, 2023

Last Updated: February 20, 2025

🔗 References

• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html Vendor Advisory
• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-20558, you might also want to check these:

CVE-2020-1914 9.8

A logic vulnerability in Facebook Hermes JavaScript engine allows attackers to potentially read out ...

Same vulnerability type (CWE-670)

CVE-2025-43359 9.8

This CVE describes a UDP socket binding vulnerability in Apple operating systems where a UDP server ...

Same vulnerability type (CWE-670)

CVE-2025-29312 9.1

This vulnerability in ONOS (Open Network Operating System) v2.7.0 allows attackers to trigger unexpe...

Same vulnerability type (CWE-670)