CVE-2023-20527: Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a…

medium6.5CVSS 3.1

AVNACLPRLUINSUCNINAH

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.

Affected

67 ranges· showing 25

Vendor	Product	Version range	Fixed in
amd	1st_gen_epyc	—	—
amd	2nd_gen_epyc	—	—
amd	3rd_gen_epyc	—	—
amd	epyc_7001_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7002_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7003_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7232p_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7251_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7252_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7261_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7262_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7272_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7281_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7282_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_72f3_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7301_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7302_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7302p_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7313_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7313p_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7343_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5
amd	epyc_7351_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7352_firmware	< romepi_1.0.0.c	romepi_1.0.0.c
amd	epyc_7371_firmware	< naplespi_1.0.0.g	naplespi_1.0.0.g
amd	epyc_7373x_firmware	< milanpi_1.0.0.5	milanpi_1.0.0.5