CVE-2023-20521

CVSS 3.3 LOWEPSS 0.3%

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 3.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

14 nov 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

Produtos afetados

AMD · 1st Gen AMD EPYC™ Processors AMD · 2nd Gen AMD EPYC™ Processors AMD · 3rd Gen AMD EPYC™ Processors AMD · AMD EPYC™ Embedded 3000 AMD · AMD EPYC™ Embedded 7002 AMD · AMD EPYC™ Embedded 7003 AMD · AMD Ryzen™ Embedded R1000 AMD · AMD Ryzen™ Embedded R2000 AMD · AMD Ryzen™ Embedded V1000 AMD · Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 AMD · Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD · Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 AMD · Ryzen™ Threadripper™ 2000 Series Processors “Colfax”

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002 https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001