[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2023:4664-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":36,"duplicates":37,"related":38,"reserved_at":9,"published_at":50,"modified_at":51,"state":9,"summary":52,"references_raw":54,"kevs":116,"epss":9,"epss_history":117,"metrics":118,"affected":119},"SUSE-SU-2023:4664-1","Security update for kernel-firmware\n\nThis update for kernel-firmware fixes the following issues:\n\nUpdate AMD ucode to 20231030 (bsc#1215831):\n\n- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.\n- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.\n- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.\n- CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of 
confidentiality.\n- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.\n- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.\n- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34],{"_key":15},"CVE-2021-26345",{"_key":17},"CVE-2021-46766",{"_key":19},"CVE-2021-46774",{"_key":21},"CVE-2022-23820",{"_key":23},"CVE-2022-23830",{"_key":25},"CVE-2023-20519",{"_key":27},"CVE-2023-20521",{"_key":29},"CVE-2023-20526",{"_key":31},"CVE-2023-20533",{"_key":33},"CVE-2023-20566",{"_key":35},"CVE-2023-20592",[],[],[39,40,41,42,43,44,45,46,47,48,49],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},"2023-12-06T12:34:02Z","2026-02-04T02:46:36.112137Z",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[55,62,67,71,76,80,84,88,92,96,100,104,108,112],{"url":56,"sources":57,"tags":60},"https://www.suse.com/support/update/announcement/2023/suse-su-20234664-1/",[58,59],"osv_suse","osv_opensuse",[61],"Advisory",{"url":63,"sources":64,"tags":65},"https://bugzilla.suse.com/1215823",[58,59],[66],"REPORT",{"url":68,"sources":69,"tags":70},"https://bugzilla.suse.com/1215831",[58,59],[66],{"url":72,"sources":73,"tags":74},"https://www.suse.com/security/cve/CVE-2021-26345",[58,59],[75],"WEB",{"url":77,"sources":78,"tags"
:79},"https://www.suse.com/security/cve/CVE-2021-46766",[58,59],[75],{"url":81,"sources":82,"tags":83},"https://www.suse.com/security/cve/CVE-2021-46774",[58,59],[75],{"url":85,"sources":86,"tags":87},"https://www.suse.com/security/cve/CVE-2022-23820",[58,59],[75],{"url":89,"sources":90,"tags":91},"https://www.suse.com/security/cve/CVE-2022-23830",[58,59],[75],{"url":93,"sources":94,"tags":95},"https://www.suse.com/security/cve/CVE-2023-20519",[58,59],[75],{"url":97,"sources":98,"tags":99},"https://www.suse.com/security/cve/CVE-2023-20521",[58,59],[75],{"url":101,"sources":102,"tags":103},"https://www.suse.com/security/cve/CVE-2023-20526",[58,59],[75],{"url":105,"sources":106,"tags":107},"https://www.suse.com/security/cve/CVE-2023-20533",[58,59],[75],{"url":109,"sources":110,"tags":111},"https://www.suse.com/security/cve/CVE-2023-20566",[58,59],[75],{"url":113,"sources":114,"tags":115},"https://www.suse.com/security/cve/CVE-2023-20592",[58,59],[75],[],[],[],[120,133,137,141,147,151],{"ecosystem":121,"name":122,"vendor":123,"product":124,"cpe_part":9,"purl_type":125,"purl_namespace":123,"purl_name":124,"source":9,"versions":126},"openSUSE","kernel-firmware","opensuse","kernel-firmware&distro=openSUSE Leap 15.4","rpm",[127],{"version":128,"is_range":129,"range_type":130,"version_start":9,"version_start_type":9,"version_end":131,"version_end_type":132,"fixed_in":9},"lt20220509_150400_4_25_1",true,"ecosystem","20220509-150400.4.25.1","excluding",{"ecosystem":121,"name":122,"vendor":123,"product":134,"cpe_part":9,"purl_type":125,"purl_namespace":123,"purl_name":134,"source":9,"versions":135},"kernel-firmware&distro=openSUSE Leap Micro 5.3",[136],{"version":128,"is_range":129,"range_type":130,"version_start":9,"version_start_type":9,"version_end":131,"version_end_type":132,"fixed_in":9},{"ecosystem":121,"name":122,"vendor":123,"product":138,"cpe_part":9,"purl_type":125,"purl_namespace":123,"purl_name":138,"source":9,"versions":139},"kernel-firmware&distro=openSUSE Leap 
Micro 5.4",[140],{"version":128,"is_range":129,"range_type":130,"version_start":9,"version_start_type":9,"version_end":131,"version_end_type":132,"fixed_in":9},{"ecosystem":142,"name":122,"vendor":143,"product":144,"cpe_part":9,"purl_type":125,"purl_namespace":143,"purl_name":144,"source":9,"versions":145},"SUSE Linux Enterprise","suse","kernel-firmware&distro=SUSE Linux Enterprise Micro 5.3",[146],{"version":128,"is_range":129,"range_type":130,"version_start":9,"version_start_type":9,"version_end":131,"version_end_type":132,"fixed_in":9},{"ecosystem":142,"name":122,"vendor":143,"product":148,"cpe_part":9,"purl_type":125,"purl_namespace":143,"purl_name":148,"source":9,"versions":149},"kernel-firmware&distro=SUSE Linux Enterprise Micro 5.4",[150],{"version":128,"is_range":129,"range_type":130,"version_start":9,"version_start_type":9,"version_end":131,"version_end_type":132,"fixed_in":9},{"ecosystem":142,"name":122,"vendor":143,"product":152,"cpe_part":9,"purl_type":125,"purl_namespace":143,"purl_name":152,"source":9,"versions":153},"kernel-firmware&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4",[154],{"version":128,"is_range":129,"range_type":130,"version_start":9,"version_start_type":9,"version_end":131,"version_end_type":132,"fixed_in":9}]