CVE-2023-20521

CVSS 3.3 LOWEPSS 0.3%

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

14 nov 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

Productos afectados

AMD · 1st Gen AMD EPYC™ Processors AMD · 2nd Gen AMD EPYC™ Processors AMD · 3rd Gen AMD EPYC™ Processors AMD · AMD EPYC™ Embedded 3000 AMD · AMD EPYC™ Embedded 7002 AMD · AMD EPYC™ Embedded 7003 AMD · AMD Ryzen™ Embedded R1000 AMD · AMD Ryzen™ Embedded R2000 AMD · AMD Ryzen™ Embedded V1000 AMD · Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD · Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 AMD · Ryzen™ Threadripper™ 2000 Series Processors “Colfax”

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001