CVE-2023-20589

Summary

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 

Affected Software

VendorProductVersion RangeStatus
AMDRyzen™ 3000 Series Desktop Processorsvariousaffected
AMDRyzen™ PRO 3000 Series Desktop Processorsvariousaffected
AMDRyzen™ 3000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ PRO 3000 Series Processors with Radeon™ Vega Graphicsvariousaffected
AMDAthlon™ 3000 Series Processors with Radeon™ Graphicsvariousaffected
AMDAthlon™ PRO 3000 Series Processors with Radeon™ Vega Graphicsvariousaffected
AMDRyzen™ 4000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ PRO 4000 Series Desktop Processorsvariousaffected
AMDRyzen™ 5000 Series Desktop Processorsvariousaffected
AMDRyzen™ 5000 Series Desktop Processors with Radeon™ Graphicsvariousaffected
Ryzen™ PRO 5000 Series Desktop Processorsvariousaffected
AMDRyzen™ Threadripper™ 2000 Series Processorsvariousaffected
AMDRyzen™ Threadripper™ 5000 Series Processorsvariousaffected
AMDRyzen™ Threadripper™ 3000 Series Processorsvariousaffected
AMDAthlon™ 3000 Series Mobile Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 5000 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ PRO 5000 Series Processorsvariousaffected
AMDRyzen™ 6000 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ PRO 6000 Series Processorsvariousaffected
AMDRyzen™ 7020 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ 7030 Series Processors with Radeon™ Graphicsvariousaffected
AMDRyzen™ PRO 7030 Series Processorsvariousaffected
AMDRyzen™ 7035 Series Processors with Radeon™ Graphicsvariousaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References