Unrated severityNVD Advisory· Published Nov 14, 2023· Updated Aug 2, 2024

CVE-2023-20521

Description

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Affected products

osv-coords24 versions
pkg:rpm/opensuse/kernel-firmware&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/kernel-firmware&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-firmware&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/kernel-firmware&distro=openSUSE%20Leap%20Micro%205.4 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
< 20220509-150400.4.25.1+ 23 more
- (no CPE)range: < 20220509-150400.4.25.1
- (no CPE)range: < 20230724-150500.3.9.1
- (no CPE)range: < 20220509-150400.4.25.1
- (no CPE)range: < 20220509-150400.4.25.1
- (no CPE)range: < 20210208-150300.4.19.1
- (no CPE)range: < 20200107-150100.3.40.1
- (no CPE)range: < 20200107-150100.3.40.1
- (no CPE)range: < 20210208-150300.4.19.1
- (no CPE)range: < 20210208-150300.4.19.1
- (no CPE)range: < 20210208-150300.4.19.1
- (no CPE)range: < 20210208-150300.4.19.1
- (no CPE)range: < 20220509-150400.4.25.1
- (no CPE)range: < 20220509-150400.4.25.1
- (no CPE)range: < 20230724-150500.3.9.1
- (no CPE)range: < 20220509-150400.4.25.1
- (no CPE)range: < 20230724-150500.3.9.1
- (no CPE)range: < 20190618-5.34.1
- (no CPE)range: < 20200107-150100.3.40.1
- (no CPE)range: < 20200107-150100.3.40.1
- (no CPE)range: < 20210208-150300.4.19.1
- (no CPE)range: < 20190618-5.34.1
- (no CPE)range: < 20200107-150100.3.40.1
- (no CPE)range: < 20200107-150100.3.40.1
- (no CPE)range: < 20210208-150300.4.19.1
AMD/1st Gen AMD EPYC™ Processorsv5
Range: various
AMD/2nd Gen AMD EPYC™ Processorsv5
Range: various
AMD/3rd Gen AMD EPYC™ Processorsv5
Range: various
AMD/AMD EPYC™ Embedded 3000v5
Range: various
AMD/AMD EPYC™ Embedded 7002v5
Range: various
AMD/AMD EPYC™ Embedded 7003v5
Range: various
AMD/AMD Ryzen™ Embedded R1000v5
Range: various
AMD/AMD Ryzen™ Embedded R2000v5
Range: various
AMD/AMD Ryzen™ Embedded V1000v5
Range: various
AMD/Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4v5
Range: various
AMD/Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5v5
Range: various
AMD/Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”v5
Range: various
AMD/Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5v5
Range: various
AMD/Ryzen™ Threadripper™ 2000 Series Processors “Colfax”v5
Range: various

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002mitrevendor-advisory
www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002mitrevendor-advisory
www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000