CVE-2023-20521

Summary

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Affected Software

VendorProductVersion RangeStatus
AMDAthlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4variousaffected
AMDRyzen™ Threadripper™ 2000 Series Processors “Colfax”variousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5variousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”variousaffected
AMDRyzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5variousaffected
AMD1st Gen AMD EPYC™ Processorsvariousaffected
AMD2nd Gen AMD EPYC™ Processorsvariousaffected
AMD3rd Gen AMD EPYC™ Processorsvariousaffected
AMDAMD EPYC™ Embedded 3000variousaffected
AMDAMD EPYC™ Embedded 7002variousaffected
AMDAMD EPYC™ Embedded 7003variousaffected
AMDAMD Ryzen™ Embedded R1000variousaffected
AMDAMD Ryzen™ Embedded R2000variousaffected
AMDAMD Ryzen™ Embedded V1000variousaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References