Timing Discrepancy Vulnerability in AMD Products
CVE-2023-20540

1.8LOW

Key Information:

Vendor: Amd
Status: Amd Ryzen™ 3000 Series Desktop Processors; Amd Ryzen™ 5000 Series Desktop Processors; Amd Ryzen™ Threadripper™ 3000 Series Processors; Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors
Vendor: CVE Published:; 26 June 2026

What is CVE-2023-20540?

A detectable timing discrepancy in AMD Software can enable privileged attackers to execute brute-force attacks against the hash message authentication code. This vulnerability may allow unauthorized input manipulation, resulting in a potential loss of data integrity. To mitigate risks, affected users should ensure they are using the latest security patches and regularly review their security protocols.

Affected Version(s)

AMD Ryzen™ 3000 Series Desktop Processors ComboAM4 1.0.0.E

AMD Ryzen™ 5000 Series Desktop Processors ComboAM4v2PI 1.2.0.CA

AMD Ryzen™ Threadripper™ 3000 Series Processors CastlePeakPI-SP3r3 1.0.0.C

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

1.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Oct 27, 2022

CVE-2023-20540 Data

JSON

Amd

What is CVE-2023-20540?

Affected Version(s)

References

CVSS V4

Timeline