Timing Discrepancy Vulnerability in AMD ASP Product
CVE-2023-20572

5.6MEDIUM

Key Information:

Vendor: Amd
Status: Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics; Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics; Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics
Vendor: CVE Published:; 26 June 2026

What is CVE-2023-20572?

A vulnerability in AMD's Application Security Platform (ASP) has been identified due to an observable timing inconsistency. This flaw allows an attacker with appropriate privileges to exploit the timing differences when processing hash message authentication codes. By doing so, the attacker may launch a brute-force attack, enabling them to submit arbitrary messages, which can lead to critical data integrity issues within the system.

Affected Version(s)

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4v2PI 1.2.0.CA

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Picasso-FP5 1.0.1.1

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Pollock-FT5 1.0.0.7

References

https://www.amd.com/en/resources/product-security/bulleti...

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Oct 27, 2022

CVE-2023-20572 Data

JSON

Amd

What is CVE-2023-20572?

Affected Version(s)

References

CVSS V4

Timeline