CVE-2023-20578

7.5 HIGH

📋 TL;DR

This CVE describes a TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability in AMD System Management Mode (SMM) that could allow an attacker with ring0 privileges and BIOS/UEFI access to modify communications buffers, potentially leading to arbitrary code execution. It affects AMD processors with specific firmware configurations. Attackers need local administrative access to exploit this vulnerability.

💻 Affected Systems

Products:

• AMD processors with affected firmware

Versions: Specific firmware versions as detailed in AMD advisory

Operating Systems: All operating systems running on affected AMD hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to have ring0 privileges and access to BIOS menu or UEFI shell. Not all AMD processors are affected - check AMD advisory for specific models.

📦 What is this software?

Epyc 7001 Firmware by Amd

View all CVEs affecting Epyc 7001 Firmware →

Epyc 7203 Firmware by Amd

View all CVEs affecting Epyc 7203 Firmware →

Epyc 7203p Firmware by Amd

View all CVEs affecting Epyc 7203p Firmware →

Epyc 7232p Firmware by Amd

View all CVEs affecting Epyc 7232p Firmware →

Epyc 7251 Firmware by Amd

View all CVEs affecting Epyc 7251 Firmware →

Epyc 7252 Firmware by Amd

View all CVEs affecting Epyc 7252 Firmware →

Epyc 7261 Firmware by Amd

View all CVEs affecting Epyc 7261 Firmware →

Epyc 7262 Firmware by Amd

View all CVEs affecting Epyc 7262 Firmware →

Epyc 7272 Firmware by Amd

View all CVEs affecting Epyc 7272 Firmware →

Epyc 7281 Firmware by Amd

View all CVEs affecting Epyc 7281 Firmware →

Epyc 7282 Firmware by Amd

View all CVEs affecting Epyc 7282 Firmware →

Epyc 72f3 Firmware by Amd

View all CVEs affecting Epyc 72f3 Firmware →

Epyc 7301 Firmware by Amd

View all CVEs affecting Epyc 7301 Firmware →

Epyc 7302 Firmware by Amd

View all CVEs affecting Epyc 7302 Firmware →

Epyc 7302p Firmware by Amd

View all CVEs affecting Epyc 7302p Firmware →

Epyc 7303 Firmware by Amd

View all CVEs affecting Epyc 7303 Firmware →

Epyc 7303p Firmware by Amd

View all CVEs affecting Epyc 7303p Firmware →

Epyc 7313 Firmware by Amd

View all CVEs affecting Epyc 7313 Firmware →

Epyc 7313p Firmware by Amd

View all CVEs affecting Epyc 7313p Firmware →

Epyc 7343 Firmware by Amd

View all CVEs affecting Epyc 7343 Firmware →

Epyc 7351 Firmware by Amd

View all CVEs affecting Epyc 7351 Firmware →

Epyc 7351p Firmware by Amd

View all CVEs affecting Epyc 7351p Firmware →

Epyc 7352 Firmware by Amd

View all CVEs affecting Epyc 7352 Firmware →

Epyc 7371 Firmware by Amd

View all CVEs affecting Epyc 7371 Firmware →

Epyc 7373x Firmware by Amd

View all CVEs affecting Epyc 7373x Firmware →

Epyc 73f3 Firmware by Amd

View all CVEs affecting Epyc 73f3 Firmware →

Epyc 7401 Firmware by Amd

View all CVEs affecting Epyc 7401 Firmware →

Epyc 7401p Firmware by Amd

View all CVEs affecting Epyc 7401p Firmware →

Epyc 7402 Firmware by Amd

View all CVEs affecting Epyc 7402 Firmware →

Epyc 7402p Firmware by Amd

View all CVEs affecting Epyc 7402p Firmware →

Epyc 7413 Firmware by Amd

View all CVEs affecting Epyc 7413 Firmware →

Epyc 7443 Firmware by Amd

View all CVEs affecting Epyc 7443 Firmware →

Epyc 7443p Firmware by Amd

View all CVEs affecting Epyc 7443p Firmware →

Epyc 7451 Firmware by Amd

View all CVEs affecting Epyc 7451 Firmware →

Epyc 7452 Firmware by Amd

View all CVEs affecting Epyc 7452 Firmware →

Epyc 7453 Firmware by Amd

View all CVEs affecting Epyc 7453 Firmware →

Epyc 7473x Firmware by Amd

View all CVEs affecting Epyc 7473x Firmware →

Epyc 74f3 Firmware by Amd

View all CVEs affecting Epyc 74f3 Firmware →

Epyc 7501 Firmware by Amd

View all CVEs affecting Epyc 7501 Firmware →

Epyc 7502 Firmware by Amd

View all CVEs affecting Epyc 7502 Firmware →

Epyc 7502p Firmware by Amd

View all CVEs affecting Epyc 7502p Firmware →

Epyc 7513 Firmware by Amd

View all CVEs affecting Epyc 7513 Firmware →

Epyc 7532 Firmware by Amd

View all CVEs affecting Epyc 7532 Firmware →

Epyc 7542 Firmware by Amd

View all CVEs affecting Epyc 7542 Firmware →

Epyc 7543 Firmware by Amd

View all CVEs affecting Epyc 7543 Firmware →

Epyc 7543p Firmware by Amd

View all CVEs affecting Epyc 7543p Firmware →

Epyc 7551 Firmware by Amd

View all CVEs affecting Epyc 7551 Firmware →

Epyc 7551p Firmware by Amd

View all CVEs affecting Epyc 7551p Firmware →

Epyc 7552 Firmware by Amd

View all CVEs affecting Epyc 7552 Firmware →

Epyc 7573x Firmware by Amd

View all CVEs affecting Epyc 7573x Firmware →

Epyc 75f3 Firmware by Amd

View all CVEs affecting Epyc 75f3 Firmware →

Epyc 7601 Firmware by Amd

View all CVEs affecting Epyc 7601 Firmware →

Epyc 7642 Firmware by Amd

View all CVEs affecting Epyc 7642 Firmware →

Epyc 7643 Firmware by Amd

View all CVEs affecting Epyc 7643 Firmware →

Epyc 7643p Firmware by Amd

View all CVEs affecting Epyc 7643p Firmware →

Epyc 7662 Firmware by Amd

View all CVEs affecting Epyc 7662 Firmware →

Epyc 7663 Firmware by Amd

View all CVEs affecting Epyc 7663 Firmware →

Epyc 7663p Firmware by Amd

View all CVEs affecting Epyc 7663p Firmware →

Epyc 7702 Firmware by Amd

View all CVEs affecting Epyc 7702 Firmware →

Epyc 7702p Firmware by Amd

View all CVEs affecting Epyc 7702p Firmware →

Epyc 7713 Firmware by Amd

View all CVEs affecting Epyc 7713 Firmware →

Epyc 7713p Firmware by Amd

View all CVEs affecting Epyc 7713p Firmware →

Epyc 7742 Firmware by Amd

View all CVEs affecting Epyc 7742 Firmware →

Epyc 7763 Firmware by Amd

View all CVEs affecting Epyc 7763 Firmware →

Epyc 7773x Firmware by Amd

View all CVEs affecting Epyc 7773x Firmware →

Epyc 7f32 Firmware by Amd

View all CVEs affecting Epyc 7f32 Firmware →

Epyc 7f52 Firmware by Amd

View all CVEs affecting Epyc 7f52 Firmware →

Epyc 7f72 Firmware by Amd

View all CVEs affecting Epyc 7f72 Firmware →

Epyc 7h12 Firmware by Amd

View all CVEs affecting Epyc 7h12 Firmware →

Epyc 8024p Firmware by Amd

View all CVEs affecting Epyc 8024p Firmware →

Epyc 8024pn Firmware by Amd

View all CVEs affecting Epyc 8024pn Firmware →

Epyc 8124p Firmware by Amd

View all CVEs affecting Epyc 8124p Firmware →

Epyc 8124pn Firmware by Amd

View all CVEs affecting Epyc 8124pn Firmware →

Epyc 8224p Firmware by Amd

View all CVEs affecting Epyc 8224p Firmware →

Epyc 8224pn Firmware by Amd

View all CVEs affecting Epyc 8224pn Firmware →

Epyc 8324p Firmware by Amd

View all CVEs affecting Epyc 8324p Firmware →

Epyc 8324pn Firmware by Amd

View all CVEs affecting Epyc 8324pn Firmware →

Epyc 8434p Firmware by Amd

View all CVEs affecting Epyc 8434p Firmware →

Epyc 8434pn Firmware by Amd

View all CVEs affecting Epyc 8434pn Firmware →

Epyc 8534p Firmware by Amd

View all CVEs affecting Epyc 8534p Firmware →

Epyc 8534pn Firmware by Amd

View all CVEs affecting Epyc 8534pn Firmware →

Epyc 9124 Firmware by Amd

View all CVEs affecting Epyc 9124 Firmware →

Epyc 9174f Firmware by Amd

View all CVEs affecting Epyc 9174f Firmware →

Epyc 9184x Firmware by Amd

View all CVEs affecting Epyc 9184x Firmware →

Epyc 9224 Firmware by Amd

View all CVEs affecting Epyc 9224 Firmware →

Epyc 9254 Firmware by Amd

View all CVEs affecting Epyc 9254 Firmware →

Epyc 9274f Firmware by Amd

View all CVEs affecting Epyc 9274f Firmware →

Epyc 9334 Firmware by Amd

View all CVEs affecting Epyc 9334 Firmware →

Epyc 9354 Firmware by Amd

View all CVEs affecting Epyc 9354 Firmware →

Epyc 9354p Firmware by Amd

View all CVEs affecting Epyc 9354p Firmware →

Epyc 9374f Firmware by Amd

View all CVEs affecting Epyc 9374f Firmware →

Epyc 9384x Firmware by Amd

View all CVEs affecting Epyc 9384x Firmware →

Epyc 9454 Firmware by Amd

View all CVEs affecting Epyc 9454 Firmware →

Epyc 9454p Firmware by Amd

View all CVEs affecting Epyc 9454p Firmware →

Epyc 9474f Firmware by Amd

View all CVEs affecting Epyc 9474f Firmware →

Epyc 9534 Firmware by Amd

View all CVEs affecting Epyc 9534 Firmware →

Epyc 9554 Firmware by Amd

View all CVEs affecting Epyc 9554 Firmware →

Epyc 9554p Firmware by Amd

View all CVEs affecting Epyc 9554p Firmware →

Epyc 9634 Firmware by Amd

View all CVEs affecting Epyc 9634 Firmware →

Epyc 9654 Firmware by Amd

View all CVEs affecting Epyc 9654 Firmware →

Epyc 9654p Firmware by Amd

View all CVEs affecting Epyc 9654p Firmware →

Epyc 9684x Firmware by Amd

View all CVEs affecting Epyc 9684x Firmware →

Epyc 9734 Firmware by Amd

View all CVEs affecting Epyc 9734 Firmware →

Epyc 9754 Firmware by Amd

View all CVEs affecting Epyc 9754 Firmware →

Epyc 9754s Firmware by Amd

View all CVEs affecting Epyc 9754s Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with persistent firmware-level malware installation, allowing attackers to bypass operating system security controls and maintain persistence across reboots.

🟠

Likely Case

Privilege escalation from ring0 to SMM, enabling attackers to execute arbitrary code at the highest privilege level and potentially install persistent firmware implants.

🟢

If Mitigated

Limited impact due to required administrative access and BIOS/UEFI shell access, with proper access controls preventing exploitation.

🌐 Internet-Facing: LOW - This vulnerability requires local administrative access and BIOS/UEFI shell access, making remote exploitation extremely difficult.

🏢 Internal Only: MEDIUM - Internal attackers with administrative privileges and physical/console access could potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires administrative privileges, BIOS/UEFI access, and detailed knowledge of SMM internals. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to AMD firmware updates for specific processor models

Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Restart Required: Yes

Instructions:

1. Check AMD advisory for affected processor models. 2. Contact system/device manufacturer for BIOS/UEFI firmware updates. 3. Apply firmware update following manufacturer instructions. 4. Reboot system to activate new firmware.

🔧 Temporary Workarounds

Restrict BIOS/UEFI Access

all

Set BIOS/UEFI passwords and restrict physical access to prevent unauthorized BIOS/UEFI shell access.

Limit Administrative Privileges

all

Implement least privilege principle to reduce number of users with ring0/administrative access.

🧯 If You Can't Patch

• Implement strict access controls to BIOS/UEFI settings and physical console access
• Monitor for suspicious administrative activity and BIOS/UEFI access attempts

🔍 How to Verify

Check if Vulnerable:

Copy

Check processor model and firmware version against AMD advisory. Use manufacturer-specific tools to check firmware version.

Check Version:

Copy

Manufacturer-specific commands vary. For Linux: 'sudo dmidecode -t bios' or 'sudo cat /sys/class/dmi/id/bios_version'. For Windows: 'wmic bios get smbiosbiosversion'

Verify Fix Applied:

Copy

Verify firmware version has been updated to patched version using manufacturer tools or BIOS/UEFI interface.

📡 Detection & Monitoring

Log Indicators:

• BIOS/UEFI firmware modification events
• Unauthorized administrative access to system management interfaces
• Suspicious SMM-related activity

Network Indicators:

• Not applicable - local exploitation only

SIEM Query:

Copy

Search for BIOS/UEFI access events, firmware modification attempts, or unauthorized administrative privilege escalation

📊 Metadata

CVE ID: CVE-2023-20578

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-367

Published: August 13, 2024

Last Updated: March 18, 2025

🔗 References

• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-20578, you might also want to check these:

CVE-2026-25641 10.0

CVE-2026-25641 is a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attack...

Same vulnerability type (CWE-367)

CVE-2025-64180 10.0

A critical TOCTOU vulnerability in Manager accounting software allows attackers to bypass DNS valida...

Same vulnerability type (CWE-367)

CVE-2025-13032 9.9

A double fetch vulnerability in the sandbox kernel driver of Avast/AVG Antivirus on Windows allows l...

Same vulnerability type (CWE-367)