CVE-2023-20521
3.3LOW
Key Information
- Vendor
- Amd
- Status
- Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics “picasso” Am4
- Ryzen™ Threadripper™ 2000 Series Processors “colfax”
- Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “dali”/”dali” Fp5
- Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics “pollock”
- Vendor
- CVE Published:
- 14 November 2023
Summary
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
Affected Version(s)
Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 = various
Ryzen™ Threadripper™ 2000 Series Processors “Colfax” = various
Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 = various
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Risk change from: 5.7 to: 3.3 - (LOW)
Risk change from: 5.7 to: 3.3 - (LOW)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database