CVE-2023-20525

CWE-20Improper Input Validation3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 46.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
52
AMD Epyc 7002 FirmwareAMD Epyc 7003 FirmwareAMD Epyc 7232p Firmware+49 more
Timeline
PublishedJan 11

Description

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages52 packages

NVDamd/epyc_7002_firmware< romepi_100d
NVDamd/epyc_7003_firmware< milanpi_1.0.0.5
NVDamd/epyc_7252_firmware< romepi_100d
NVDamd/epyc_7262_firmware< romepi_100d
NVDamd/epyc_7272_firmware< romepi_100d

🔴Vulnerability Details

2
GHSA
GHSA-7mc6-225g-xgvw: Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register pot2023-01-11
CVEList
CVE-2023-20525: Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register pot2023-01-10
CVE-2023-20525 (MEDIUM CVSS 6.5) | Insufficient syscall input validati | cvebase.io