CVE-2023-20515

EPSS 0.04%
Published 11.02.2025 22:15:26
Last modified 11.02.2025 22:15:26
Source psirt@amd.com
Teams watchlist Login
Open Login

Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.CA

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processors

Default Statusaffected

Version ComboAM4v2PI 1.2.0.CA

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.CA

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Desktop Processors

Default Statusaffected

Version ComboAM5 1.0.8.0

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.CA

Status unaffected

Version ComboAM4PI 1.0.0.B

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM4v2PI 1.2.0.CA

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version ComboAM5 1.0.8.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ 3000 Series Processors

Default Statusaffected

Version CastlePeakPI-SP3r3 1.0.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors

Default Statusaffected

Version CastlePeakWSPI-sWRX8 1.0.0.E

Status unaffected

Version ChagallWSPI-sWRX8 1.0.0.9

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors

Default Statusaffected

Version ChagallWSPI-sWRX8 1.0.0.7

Status unaffected

VendorAMD

≫

Product AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version Pollock-FT5 1.0.0.7

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics

Default Statusaffected

Version Picasso-FP5 1.0.1.1

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics

Default Statusaffected

Version RenoirPI-FP6 1.0.0.D

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics

Default Statusaffected

Version Cezanne-FP6 1.0.1.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics

Default Statusaffected

Version MendocinoPI-FT6 1.0.0.6

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics

Default Statusaffected

Version RembrandtPI-FP7 1.0.0.9b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics

Default Statusaffected

Version RembrandtPI-FP7 1.0.0.9b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics

Default Statusaffected

Version PhoenixPI-FP8-FP7 1.0.8.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ 7000 Series Mobile Processors

Default Statusaffected

Version DragonRangeFL1PI 1.0.0.3b

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded R1000

Default Statusaffected

Version EmbeddedPI-FP5 1.2.0.C

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded R2000

Default Statusaffected

Version EmbeddedR2KPI-FP5 1.0.0.3

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 5000

Default Statusaffected

Version EmbAM4PI 1.0.0.5

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded 7000

Default Statusaffected

Version EmbeddedAM5PI 1.0.0.0

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V2000

Default Statusaffected

Version EmbeddedPI-FP6 1.0.0.9

Status unaffected

VendorAMD

≫

Product AMD Ryzen™ Embedded V1000

Default Statusaffected

Version No Fix Planned

Status affected

VendorAMD

≫

Product AMD Ryzen™ Embedded V3000

Default Statusaffected

Version Embedded-PIFP7r2 1.0.0.8

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@amd.com	5.7	1.5	3.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

https://nvd.nist.gov/vuln/detail/CVE-2023-20515

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20515

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20515

EUVD