CVE-2023-20540

Summary

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4 1.0.0.Eunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series ProcessorsCastlePeakPI-SP3r3 1.0.0.Cunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.Eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.9unaffected

Weaknesses

  • CWE-208: CWE-208 Observable timing discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References