Aug 08, 2023 - 12:00 a.m.

fTPM Voltage Fault Injection

2023-08-08 00:00:00
amd.com
www.amd.com
ftpm
voltage fault injection
amd
asp secure boot
arbitrary code execution
cve-2023-20589
technische universität berlin
microarchitecture
desktop processors
high-end desktop
mobile processors
vulnerability
mitigation

CVSS3: 6.8 Medium

  • Attack Vector: PHYSICAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low (Percentile: 23.2%)

**Bulletin ID:** AMD-SB-4005 **Potential Impact:** Arbitrary Code Execution **Severity:** High

Summary

CVE-2023-20589

Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot.

CVE Details

Refer to Glossary for explanation of terms

| CVE | Severity | CVE Description |
| --- | --- | --- |
| CVE-2023-20589 | High | An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. |

Affected Products

AMD Ryzen™ “Zen 1”, “Zen 2”, and “Zen 3” microarchitecture-based platforms.

Desktop

  • AMD Ryzen™ 3000 Series Desktop Processors
  • AMD Ryzen™ PRO 3000 Series Desktop Processors
  • AMD Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics
  • AMD Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics
  • AMD Athlon™ 3000 Series Processors with Radeon™ Graphics
  • AMD Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics
  • AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
  • AMD Ryzen™ PRO 4000 Series Desktop Processors
  • AMD Ryzen™ 5000 Series Desktop Processors
  • AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics
  • AMD Ryzen™ PRO 5000 Series Desktop Processors

High-End Desktop (HEDT)

  • AMD Ryzen™ Threadripper™ 2000 Series Processors
  • AMD Ryzen™ Threadripper™ 5000 Series Processors
  • AMD Ryzen™ Threadripper™ 3000 Series Processors

Mobile

  • AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
  • AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
  • AMD Ryzen™ PRO 5000 Series Processors
  • AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
  • AMD Ryzen™ PRO 6000 Series Processors
  • AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
  • AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics
  • AMD Ryzen™ PRO 7030 Series Processors
  • AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics

Mitigation

AMD believes the methods described in the report can only be applied on individual units and with prolonged physical access. Physical attacks are not part of the threat protection model for the affected AMD products. AMD believes a platform-level mitigation is possible for systems that support an Embedded Security Controller (ESC)/Platform Root-of-trust (PRoT). AMD recommends OEMs investigate the feasibility of this mitigation on affected systems.
