Potential Privileged Attack via Hardcoded AES Key
CVE-2023-20512

1.9LOW

Key Information:

Vendor

Amd
Status
Amd Radeon™ Rx 6000 Series Graphics Cards
Amd Radeon™ Pro W6000 Series Graphics Cards
Vendor
CVE Published:
13 August 2024

What is CVE-2023-20512?

A critical security vulnerability has been identified in various AMD products utilizing the Platform Management Firmware (PMFW). This issue arises from a hardcoded AES encryption key that, if exploited by a privileged attacker, could lead to unauthorized access to sensitive internal debug information. The availability of this key may enable attackers to bypass security measures and gain deeper insights into the system, posing significant risks to data integrity and confidentiality. Users are advised to apply security updates promptly to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)

AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V3.1

Score:
1.9
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.