Potential Privileged Attack via Hardcoded AES Key
CVE-2023-20512
Summary
A critical security vulnerability has been identified in various AMD products utilizing the Platform Management Firmware (PMFW). This issue arises from a hardcoded AES encryption key that, if exploited by a privileged attacker, could lead to unauthorized access to sensitive internal debug information. The availability of this key may enable attackers to bypass security measures and gain deeper insights into the system, posing significant risks to data integrity and confidentiality. Users are advised to apply security updates promptly to mitigate this vulnerability.
Affected Version(s)
AMD Radeon™ PRO W6000 Series Graphics Cards AMD Software: PRO Edition 23.Q4 (23.30.13.03)
AMD Radeon™ RX 6000 Series Graphics Cards AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)