CVE-2023-20521

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Nov 14, 2023

Updated: Jun 18, 2024

CWE ID 367

Summary

CVE-2023-20521 is a vulnerability affecting the TOCTOU (Time of Check to Time of Use) in the ASP (Advanced Software Protection) Bootloader. An attacker with physical access to the system can manipulate SPI ROM records after memory content verification, resulting in potential loss of confidentiality or denial of service. This issue allows an adversary to bypass the security measures put in place by the ASP Bootloader, posing a significant risk to system integrity. The vulnerability could potentially enable unauthorized access or modification of critical system files, causing disruption or exposure of sensitive data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Advanced Micro Devices (AMD) EPYC 75F3 FIRMWARE
Advanced Micro Devices (AMD) EPYC 7343 FIRMWARE
Advanced Micro Devices (AMD) EPYC 7513 FIRMWARE
Advanced Micro Devices (AMD) EPYC 74F3 FIRMWARE
Advanced Micro Devices (AMD) EPYC 7643 FIRMWARE

Affected Vendors

Advanced Micro Devices

Advisories, Assessments, and Mitigations

Back to Vulnerability Database