CVE-2023-20521

EPSS 0.04%
Published 14.11.2023 19:15:15
Last modified 21.11.2024 07:41:04
Source psirt@amd.com
Teams watchlist Login
Open Login

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Amd ≫ Epyc 7001 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7001 Version-

Amd ≫ Epyc 7251 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7251 Version-

Amd ≫ Epyc 7261 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7261 Version-

Amd ≫ Epyc 7281 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7281 Version-

Amd ≫ Epyc 7301 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7301 Version-

Amd ≫ Epyc 7351 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7351 Version-

Amd ≫ Epyc 7351p Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7351p Version-

Amd ≫ Epyc 7371 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7371 Version-

Amd ≫ Epyc 7401 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7401 Version-

Amd ≫ Epyc 7401p Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7401p Version-

Amd ≫ Epyc 7451 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7451 Version-

Amd ≫ Epyc 7501 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7501 Version-

Amd ≫ Epyc 7551 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7551 Version-

Amd ≫ Epyc 7551p Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7551p Version-

Amd ≫ Epyc 7601 Firmware Version < naplespi_1.0.0.h

Amd ≫ Epyc 7601 Version-

Amd ≫ Epyc 7232p Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7232p Version-

Amd ≫ Epyc 7252 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7252 Version-

Amd ≫ Epyc 7262 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7262 Version-

Amd ≫ Epyc 7272 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7272 Version-

Amd ≫ Epyc 7282 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7282 Version-

Amd ≫ Epyc 7302 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7302 Version-

Amd ≫ Epyc 7302p Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7302p Version-

Amd ≫ Epyc 7352 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7352 Version-

Amd ≫ Epyc 7402 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7402 Version-

Amd ≫ Epyc 7402p Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7402p Version-

Amd ≫ Epyc 7452 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7452 Version-

Amd ≫ Epyc 7502 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7502 Version-

Amd ≫ Epyc 7502p Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7502p Version-

Amd ≫ Epyc 7532 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7532 Version-

Amd ≫ Epyc 7542 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7542 Version-

Amd ≫ Epyc 7552 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7552 Version-

Amd ≫ Epyc 7642 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7642 Version-

Amd ≫ Epyc 7662 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7662 Version-

Amd ≫ Epyc 7702 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7702 Version-

Amd ≫ Epyc 7702p Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7702p Version-

Amd ≫ Epyc 7742 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7742 Version-

Amd ≫ Epyc 7f32 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7f32 Version-

Amd ≫ Epyc 7f52 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7f52 Version-

Amd ≫ Epyc 7f72 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7f72 Version-

Amd ≫ Epyc 7h12 Firmware Version < romepi_1.0.0.d

Amd ≫ Epyc 7h12 Version-

Amd ≫ Epyc 7763 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7763 Version-

Amd ≫ Epyc 7713p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7713p Version-

Amd ≫ Epyc 7713 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7713 Version-

Amd ≫ Epyc 7663p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7663p Version-

Amd ≫ Epyc 7663 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7663 Version-

Amd ≫ Epyc 7643p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7643p Version-

Amd ≫ Epyc 7773x Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7773x Version-

Amd ≫ Epyc 7643 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7643 Version-

Amd ≫ Epyc 7573x Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7573x Version-

Amd ≫ Epyc 75f3 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 75f3 Version-

Amd ≫ Epyc 7543p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7543p Version-

Amd ≫ Epyc 7543 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7543 Version-

Amd ≫ Epyc 7513 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7513 Version-

Amd ≫ Epyc 7473x Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7473x Version-

Amd ≫ Epyc 7453 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7453 Version-

Amd ≫ Epyc 74f3 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 74f3 Version-

Amd ≫ Epyc 7443p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7443p Version-

Amd ≫ Epyc 7443 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7443 Version-

Amd ≫ Epyc 7413 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7413 Version-

Amd ≫ Epyc 7373x Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7373x Version-

Amd ≫ Epyc 73f3 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 73f3 Version-

Amd ≫ Epyc 7343 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7343 Version-

Amd ≫ Epyc 7313p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7313p Version-

Amd ≫ Epyc 7313 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7313 Version-

Amd ≫ Epyc 7303p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7303p Version-

Amd ≫ Epyc 7303 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7303 Version-

Amd ≫ Epyc 72f3 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 72f3 Version-

Amd ≫ Epyc 7203p Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7203p Version-

Amd ≫ Epyc 7203 Firmware Version < milanpi_1.0.0.7

Amd ≫ Epyc 7203 Version-

Amd ≫ Athlon Pro 300ge Firmware Version-

Amd ≫ Athlon Pro 300ge Version-

Amd ≫ Athlon Gold Pro 3150ge Firmware Version-

Amd ≫ Athlon Gold Pro 3150ge Version-

Amd ≫ Athlon Gold 3150g Firmware Version-

Amd ≫ Athlon Gold 3150g Version-

Amd ≫ Athlon Gold Pro 3150g Firmware Version-

Amd ≫ Athlon Gold Pro 3150g Version-

Amd ≫ Ryzen Threadripper 2990wx Firmware Version < summitpi-sp3r2_1.1.0.6

Amd ≫ Ryzen Threadripper 2990wx Version-

Amd ≫ Ryzen Threadripper 2970wx Firmware Version < summitpi-sp3r2_1.1.0.6

Amd ≫ Ryzen Threadripper 2970wx Version-

Amd ≫ Ryzen Threadripper 2950x Firmware Version < summitpi-sp3r2_1.1.0.6

Amd ≫ Ryzen Threadripper 2950x Version-

Amd ≫ Ryzen Threadripper 2920x Firmware Version < summitpi-sp3r2_1.1.0.6

Amd ≫ Ryzen Threadripper 2920x Version-

Amd ≫ Ryzen 7 3780u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 7 3780u Version-

Amd ≫ Ryzen 7 3750h Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 7 3750h Version-

Amd ≫ Ryzen 7 3700c Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 7 3700c Version-

Amd ≫ Ryzen 7 3700u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 7 3700u Version-

Amd ≫ Ryzen 5 3580u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 5 3580u Version-

Amd ≫ Ryzen 5 3550h Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 5 3550h Version-

Amd ≫ Ryzen 5 3500c Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 5 3500c Version-

Amd ≫ Ryzen 5 3500u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 5 3500u Version-

Amd ≫ Ryzen 5 3450u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 5 3450u Version-

Amd ≫ Ryzen 3 3350u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 3 3350u Version-

Amd ≫ Ryzen 3 3300u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 3 3300u Version-

Amd ≫ Ryzen 3 3250u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 3 3250u Version-

Amd ≫ Ryzen 3 3250c Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 3 3250c Version-

Amd ≫ Ryzen 3 3200u Firmware Version < picassopi-fp5_1.0.0.e

Amd ≫ Ryzen 3 3200u Version-

Amd ≫ Amd 3015e Firmware Version < pollockpi-ft5_1.0.0.4

Amd ≫ Amd 3015e Version-

Amd ≫ Amd 3015ce Firmware Version < pollockpi-ft5_1.0.0.4

Amd ≫ Amd 3015ce Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.079

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.7	0.5	5.2	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
psirt@amd.com	3.3	0.3	2.7	CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002

Vendor Advisory

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20521

EUVD