CVE-2023-20570

Summary

Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.

Affected Software

VendorProductVersion RangeStatus
AMDAlveo™ Card (UltraScale™and UltraScale+™ based)allaffected
AMDKintex™ UltraScale™ FPGAallaffected
AMDVirtex™ UltraScale™ FPGAallaffected
AMDKintex™UltraScale+™ FPGAallaffected
AMDVirtex™ UltraScale+™FPGAallaffected
AMDArtix™ UltraScale+™ FPGAallaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References