CVE-2023-20521

Description

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

CVSS breakdown

CVSS 3.1

Attack Vector

Physical

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

Low

Affected products

AMD / 1st Gen AMD EPYC™ Processorsvarious – various
AMD / 2nd Gen AMD EPYC™ Processorsvarious – various
AMD / 3rd Gen AMD EPYC™ Processorsvarious – various
AMD / AMD EPYC™ Embedded 3000various – various
AMD / AMD EPYC™ Embedded 7002various – various
AMD / AMD EPYC™ Embedded 7003various – various
AMD / AMD Ryzen™ Embedded R1000various – various
AMD / AMD Ryzen™ Embedded R2000various – various
AMD / AMD Ryzen™ Embedded V1000various – various
AMD / Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4various – various
AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5various – various
AMD / Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”various – various
AMD / Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5various – various
AMD / Ryzen™ Threadripper™ 2000 Series Processors “Colfax”various – various

Description

CVSS breakdown

Affected products

References