CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Published: 2023-08-08 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2023-20555 is rated Low Risk (38.9/100): CVSS High severity, with low exploitation likelihood (EPSS 0.30%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-20555

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.05% 0.30% +0.25%
2 2026-06-04 0.04% 0.05% +0.01%
3 2026-04-13 0.04%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-20555

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.8 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.8 5.9 [email protected]

Weakness enumeration for CVE-2023-20555

OS Trackers for CVE-2023-20555

vendor priority summary link
redhat high https://access.redhat.com/security/cve/CVE-2023-20555
suse high https://www.suse.com/security/cve/CVE-2023-20555/

Affected software / configurations for CVE-2023-20555

Vendor Product Version Raw CPE
amd ryzen_3_3300_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_3_3300_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_3300x_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_3_3300x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_3600_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_5_3600_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_3600x_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_5_3600x_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3700_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_7_3700_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3700x_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_7_3700x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_3800x_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_9_3800x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_3850x_firmware < comboam4_pi_v1_1.0.0.a cpe:2.3:o:amd:ryzen_9_3850x_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_3300_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_3_3300_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_3300x_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_3_3300x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_3600_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_3600_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_3600x_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_3600x_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3700_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_3700_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3700x_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_3700x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_3800x_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_9_3800x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_3850x_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_9_3850x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_5950x_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_9_5950x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_5900x_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_9_5900x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_5900_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_9_5900_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_pro_5945_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_9_pro_5945_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5800x3d_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5800x_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5800x_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5800_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5800_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5700x_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5700x_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_pro_5845_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_pro_5845_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_5600x3d_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_5600x_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_5600x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_5600_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_5600_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_pro_5645_firmware < comboam4_v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_pro_5645_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5700_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5700_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_5500_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_5500_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_5100_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_3_5100_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5700g_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5700g_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_5700ge_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_7_5700ge_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_5600g_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_5600g_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_5600ge_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_5600ge_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_5300g_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_3_5300g_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_5300ge_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_3_5300ge_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_7950x3d_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_9_7950x3d_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_7950x_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_9_7950x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_7900x3d_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_9_7900x3d_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_7900x_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_9_7900x_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_7900_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_9_7900_firmware:*:*:*:*:*:*:*:*
amd ryzen_9_pro_7945_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_9_pro_7945_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_7800x3d_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_7_7800x3d_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_7700x_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_7_7700x_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_7700_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_7_7700_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_pro_7745_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_7_pro_7745_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_7600x_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_5_7600x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_7600_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_5_7600_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_pro_7645_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_5_pro_7645_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_7500f_firmware < comboam5_1.0.0.6 cpe:2.3:o:amd:ryzen_5_7500f_firmware:*:*:*:*:*:*:*:*
amd ryzen_4700s_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_4700s_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_4500_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_5_4500_firmware:*:*:*:*:*:*:*:*
amd ryzen_3_4100_firmware < comboam4v2_pi_1.2.0.a cpe:2.3:o:amd:ryzen_3_4100_firmware:*:*:*:*:*:*:*:*
amd athlon_pro_300ge_firmware < comboam4piv1_1.0.0.a cpe:2.3:o:amd:athlon_pro_300ge_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_3150ge_firmware < comboam4piv1_1.0.0.a cpe:2.3:o:amd:athlon_gold_3150ge_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_pro_3150ge_firmware < comboam4piv1_1.0.0.a cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_3150g_firmware < comboam4piv1_1.0.0.a cpe:2.3:o:amd:athlon_gold_3150g_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_pro_3150g_firmware < comboam4piv1_1.0.0.a cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:*:*:*:*:*:*:*:*
amd athlon_pro_300ge_firmware < comboam4v2_1.2.0.a cpe:2.3:o:amd:athlon_pro_300ge_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_3150ge_firmware < comboam4v2_1.2.0.a cpe:2.3:o:amd:athlon_gold_3150ge_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_pro_3150ge_firmware < comboam4v2_1.2.0.a cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_3150g_firmware < comboam4v2_1.2.0.a cpe:2.3:o:amd:athlon_gold_3150g_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_pro_3150g_firmware < comboam4v2_1.2.0.a cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:*:*:*:*:*:*:*:*
amd athlon_silver_3050e_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_silver_3050e_firmware:*:*:*:*:*:*:*:*
amd athlon_pro_3045b_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_pro_3045b_firmware:*:*:*:*:*:*:*:*
amd athlon_silver_3050u_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_silver_3050u_firmware:*:*:*:*:*:*:*:*
amd athlon_silver_3050c_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_silver_3050c_firmware:*:*:*:*:*:*:*:*
amd athlon_pro_3145b_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_pro_3145b_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_3150u_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_gold_3150u_firmware:*:*:*:*:*:*:*:*
amd athlon_gold_3150c_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:athlon_gold_3150c_firmware:*:*:*:*:*:*:*:*
amd athlon_3015e_firmware < pollockpi-ft5_1.0.0.5 cpe:2.3:o:amd:athlon_3015e_firmware:*:*:*:*:*:*:*:*
amd athlon_3015ce_firmware < pollockpi-ft5_1.0.0.5 cpe:2.3:o:amd:athlon_3015ce_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3780u_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:ryzen_7_3780u_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3750h_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:ryzen_7_3750h_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3700c_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:ryzen_7_3700c_firmware:*:*:*:*:*:*:*:*
amd ryzen_7_3700u_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:ryzen_7_3700u_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_3580u_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:ryzen_5_3580u_firmware:*:*:*:*:*:*:*:*
amd ryzen_5_3550h_firmware < picassopi-fp5_1.0.0.f cpe:2.3:o:amd:ryzen_5_3550h_firmware:*:*:*:*:*:*:*:*

References for CVE-2023-20555

cvelogic Threat Intelligence