cbcvebase.
CVE-2023-20526
published 2023-11-14

CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially…

medium4.6CVSS 3.1
AVPACLPRNUINSUCHINAN
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

Affected

80 ranges· showing 25
VendorProductVersion rangeFixed in
amd1st_gen_amd_epyc_processors
amd2nd_gen_amd_epyc_processors
amd3rd_gen_amd_epyc_processors
amdamd_epyc_embedded_3000
amdamd_epyc_embedded_7002
amdamd_epyc_embedded_7003
amdamd_ryzen_threadripper_2000_series_processors_colfax
amdepyc_7001_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7203_firmware< milanpi_1.0.0.5milanpi_1.0.0.5
amdepyc_7203p_firmware< milanpi_1.0.0.5milanpi_1.0.0.5
amdepyc_7232p_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7251_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7252_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7261_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7262_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7272_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7281_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7282_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_72f3_firmware< milanpi_1.0.0.5milanpi_1.0.0.5
amdepyc_7301_firmware< naplespi_1.0.0.hnaplespi_1.0.0.h
amdepyc_7302_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7302p_firmware< romepi_1.0.0.dromepi_1.0.0.d
amdepyc_7303_firmware< milanpi_1.0.0.5milanpi_1.0.0.5
amdepyc_7303p_firmware< milanpi_1.0.0.5milanpi_1.0.0.5
amdepyc_7313_firmware< milanpi_1.0.0.5milanpi_1.0.0.5