fTPM Voltage Fault Injection
CVE-2023-20589
6.8MEDIUM
Key Information
- Vendor
- AMD
- Status
- Ryzen™ 3000 Series Desktop Processors
- Ryzen™ PRO 3000 Series Desktop Processors
- Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics
- Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics
- Vendor
- CVE Published:
- 8 August 2023
Summary
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
Affected Version(s)
Ryzen™ 3000 Series Desktop Processors <= various
Ryzen™ PRO 3000 Series Desktop Processors <= various
Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics <= various
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database