CVE-2023-20589 — AMD Athlon 3000 Series Mobile Processors With Radeon Graphics vulnerability

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 70.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD Athlon 3000 Series Mobile Processors With Radeon Graphics AMD Athlon 3000 Series Processors With Radeon Graphics AMD Athlon PRO 3000 Series Processors With Radeon Vega Graphics +19 more

Timeline

PublishedAug 8

Description

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages22 packages

▶CVEListV5amd/ryzen_pro_5000_series_processorsvarious

▶CVEListV5amd/ryzen_pro_6000_series_processorsvarious

▶CVEListV5amd/ryzen_pro_7030_series_processorsvarious

▶CVEListV5amd/ryzen_3000_series_desktop_processorsvarious

▶CVEListV5amd/ryzen_5000_series_desktop_processorsvarious

🔴Vulnerability Details

GHSA

GHSA-p4r5-8jr9-cwgv: An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in c↗2023-08-08

▶

📋Vendor Advisories

Red Hat

hw: amd: fTPM Voltage Fault Injection↗2023-08-08

▶