CVE-2023-20523

CWE-3673 documents3 sources
Severity
5.7MEDIUM
EPSS
0.1%
top 75.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
52
AMD Epyc 7002 FirmwareAMD Epyc 7003 FirmwareAMD Epyc 7232p Firmware+49 more
Timeline
PublishedJan 11

Description

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 0.5 | Impact: 5.2

Affected Packages52 packages

NVDamd/epyc_7002_firmware< romepi_1.0.0.c
NVDamd/epyc_7003_firmware< milanpi_1.0.0.5
NVDamd/epyc_7252_firmware< romepi_1.0.0.c
NVDamd/epyc_7262_firmware< romepi_1.0.0.c
NVDamd/epyc_7272_firmware< romepi_1.0.0.c

🔴Vulnerability Details

2
GHSA
GHSA-4p53-c8jq-g93h: TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service2023-01-11
CVEList
CVE-2023-20523: TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service2023-01-10
CVE-2023-20523 (MEDIUM CVSS 5.7) | TOCTOU in the ASP may allow a physi | cvebase.io