Improper Access Control in ASP Bootloader Affects AMD Products
CVE-2023-20520
9.8CRITICAL
Key Information:
- Vendor
Amd
- Vendor
- CVE Published:
- 9 May 2023
What is CVE-2023-20520?
A flaw in the ASP Bootloader's access control settings may allow an attacker to manipulate the return address. This could result in a stack-based buffer overrun, possibly enabling the execution of arbitrary code. Adequate security measures are essential to mitigate the risk associated with this vulnerability.
Affected Version(s)
1st Gen AMD EPYC™ x86 various
2nd Gen AMD EPYC™ x86 various
3rd Gen AMD EPYC™ x86 various