Vulnerability Description
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | Ryzen 5 Pro 3400G Firmware | - |
| Amd | Ryzen 5 Pro 3400G | - |
| Amd | Ryzen 5 3400G Firmware | - |
| Amd | Ryzen 5 3400G | - |
| Amd | Ryzen 5 Pro 3400Ge Firmware | - |
| Amd | Ryzen 5 Pro 3400Ge | - |
| Amd | Ryzen 5 Pro 3350G Firmware | - |
| Amd | Ryzen 5 Pro 3350G | - |
| Amd | Ryzen 5 Pro 3350Ge Firmware | - |
| Amd | Ryzen 5 Pro 3350Ge | - |
| Amd | Ryzen 3 Pro 3200G Firmware | - |
| Amd | Ryzen 3 Pro 3200G | - |
| Amd | Ryzen 3 3200G Firmware | - |
| Amd | Ryzen 3 3200G | - |
| Amd | Ryzen 3 3200Ge Firmware | - |
| Amd | Ryzen 3 3200Ge | - |
| Amd | Ryzen 3 Pro 3200Ge Firmware | - |
| Amd | Ryzen 3 Pro 3200Ge | - |
| Amd | Ryzen 9 3950X Firmware | - |
| Amd | Ryzen 9 3950X | - |
References
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005Vendor Advisory
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005Vendor Advisory
FAQ
What is CVE-2023-20589?
CVE-2023-20589 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially lead...
How severe is CVE-2023-20589?
CVE-2023-20589 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20589?
Check the references section above for vendor advisories and patch information. Affected products include: Amd Ryzen 5 Pro 3400G Firmware, Amd Ryzen 5 Pro 3400G, Amd Ryzen 5 3400G Firmware, Amd Ryzen 5 3400G, Amd Ryzen 5 Pro 3400Ge Firmware.