Vulnerability Description
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Epyc 7001 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7001 | - |
| Amd | Epyc 7251 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7251 | - |
| Amd | Epyc 7261 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7261 | - |
| Amd | Epyc 7281 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7281 | - |
| Amd | Epyc 7301 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7301 | - |
| Amd | Epyc 7351 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7351 | - |
| Amd | Epyc 7351P Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7351P | - |
| Amd | Epyc 7371 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7371 | - |
| Amd | Epyc 7401 Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7401 | - |
| Amd | Epyc 7401P Firmware | < naplespi_1.0.0.h |
| Amd | Epyc 7401P | - |
Related Weaknesses (CWE)
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001
FAQ
What is CVE-2023-20521?
CVE-2023-20521 is a vulnerability with a CVSS score of 3.3 (LOW). TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of ...
How severe is CVE-2023-20521?
CVE-2023-20521 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20521?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7001 Firmware, Amd Epyc 7001, Amd Epyc 7251 Firmware, Amd Epyc 7251, Amd Epyc 7261 Firmware.