CVE-2023-20524

2023-05-0918:36:29

AMD

www.cve.org

asp compromise

malformed commands

out of bounds write

loss of integrity

cpu vulnerability

EPSS

0.001

Percentile

19.4%

JSON

An attacker with a compromised ASP could
possibly send malformed commands to an ASP on another CPU, resulting in an out
of bounds write, potentially leading to a loss a loss of integrity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "2nd Gen AMD EPYC™ ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "AGESA",
    "platforms": [
      "x86"
    ],
    "product": "3rd Gen AMD EPYC™ ",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various "
      }
    ]
  }
]

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001

EPSS

0.001

Percentile

19.4%

JSON

Related for CVELIST:CVE-2023-20524