CVE-2023-20570

2024-02-1317:14:09

AMD

www.cve.org

data authenticity

local attacker

bitstreams

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.0%

JSON

Insufficient verification of data authenticity in
the configuration state machine may allow a local attacker to potentially load
arbitrary bitstreams.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Alveo™ Card (UltraScale™and UltraScale+™ based)",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Kintex™ UltraScale™ FPGA",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Virtex™ UltraScale™ FPGA",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Kintex™UltraScale+™ FPGA",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Virtex™ UltraScale+™FPGA",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Artix™ UltraScale+™ FPGA",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]

References

www.amd.com/en/resources/product-security/bulletin/amd-sb-8002.html