CVE-2023-20520

CVSS 9.8 CRITICALEPSS 0.8%CWE-787

In short

A flaw in ASP Bootloader's access control allows attackers to overflow a buffer on the stack and corrupt memory, potentially executing malicious code on the affected system.

Technical detail

Stack-based buffer overflow (CWE-787) in ASP Bootloader due to improper access control, enabling local or adjacent attackers to corrupt the return address and achieve arbitrary code execution with no authentication required.

Summary generated and translated by AI from the official description.

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

AMD · 1st Gen AMD EPYC™AMD · 2nd Gen AMD EPYC™AMD · 3rd Gen AMD EPYC™

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001