CVE-2023-20572

Summary

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

Affected Software

VendorProductVersion RangeStatus
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPicasso-FP5 1.0.1.1unaffected
AMDAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsPollock-FT5 1.0.0.7unaffected
AMDAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsCezanne-FP6 1.0.1.0unaffected
AMDAMD Ryzen™ 7030 Series Mobile processors with Radeon™ GraphicsCezanne-FP6 1.0.1.0unaffected
AMDAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsRenoir-FP6 1.0.0.Dunaffected
AMDAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsRembrandt-FP7 1.0.0.Aunaffected
AMDAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsMendocinoPI-FT6 1.0.0.6unaffected
AMDAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4PI 1.0.0.Funaffected
AMDAMD Ryzen™ 4000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CAunaffected
AMDAMD Ryzen™ 8000 Series Desktop ProcessorsComboAM5 1.0.0.7aunaffected
AMDAMD Ryzen™ 7000 Series Desktop ProcessorsComboAM5 1.0.0.7aunaffected
AMDAMD Ryzen™ Threadripper™ 3000 Series ProcessorsCastlePeakPI-SP3r3 1.0.0.Cunaffected
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.Eunaffected
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.9unaffected
AMDAMD Ryzen™ Threadripper™ 7000 ProcessorsStormPeakPI-SP6 1.1.0.0cunaffected
AMDAMD Ryzen™ Threadripper™ PRO 7000WX-Series ProcessorsStormPeakPI-SP6 1.0.0.1eunaffected

Weaknesses

  • CWE-208: CWE-208 Observable timing discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References