Potential Loss of Confidentiality Due to Incomplete BIOS Menu or UEFI Shell Cleanup
CVE-2023-20518
1.9LOW
Key Information
- Vendor
- Amd
- Status
- Amd Epyc™ 9004 Series Processors
- Amd Ryzen™ 3000 Series Desktop Processors
- Amd Ryzen™ 5000 Series Desktop Processors
- Amd Ryzen™ 5000 Series Desktop Processor With Radeon™ Graphics
- Vendor
- CVE Published:
- 13 August 2024
Summary
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
Affected Version(s)
AMD EPYC™ 9004 Series Processors <= GenoaPI 1.0.0.4
AMD Ryzen™ 3000 Series Desktop Processors <= ComboAM4V1 1.0.0.A
AMD Ryzen™ 3000 Series Desktop Processors >= ComboAM4V1 1.0.0.A
CVSS V3.1
Score:
1.9
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database