12 matches found
EUVD-2023-24768
Malicious code in bioql PyPI...
Voltage Fault Injection on SEV Virtual Machines
Summary Researchers shared with AMD a report titled “Voltage Fault Injection on SEV-protected Virtual Machines.” The report noted a Voltage Fault Injection VFI attack targeting AMD EPYC™ 7272 CPUs running Secure Encrypted Virtualization SEV protected virtual machines VMs. Physical attacks such as...
Physical Attacks Leading to Bypass of ASP Boot ROM Secure Boot
Summary Researchers shared a report titled “Code Execution on Zen 4 PSP using Voltage Fault Injection.” In the paper, the researchers reported their findings on Voltage Fault Injection VFI attacks targeting AMD “Zen 4” CPUs, specifically the Ryzen™ 8600G model. The researchers claim these types o...
CVE-2023-20589
A flaw was found in hw. This flaw allows an attacker with specialized hardware and physical access to an impacted device to perform a voltage fault injection attack, compromising the ASP secure boot and potentially leading to arbitrary code execution. Mitigation Mitigation for this issue is eithe...
CVE-2023-20589
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution...
Design/Logic Flaw
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution...
CVE-2023-20589 fTPM Voltage Fault Injection
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution...
CVE-2023-20589
The CVE-2023-20589 entry corresponds to a voltage fault injection vulnerability affecting fTPM ASP secure boot on AMD Ryzen platforms (Zen 1/2/3). The AMD-SB-4005 bulletin provides concrete details: potential arbitrary code execution via physical access and specialized hardware, impacting a wide ...
PT-2023-17470 · Amd · Ryzen™ Threadripper™ 5000 Series Processors +93
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack, resulting in th...
AMD Ryzen Security Breach
AMD Ryzen is a central processing unit CPU from Ultraviolet Semiconductor AMD. A security vulnerability exists in AMD Ryzen that originates from a vulnerability that allows an attacker to perform a voltage fault injection attack that compromises the ASP secure boot and results in arbitrary code...
fTPM Voltage Fault Injection
Bulletin ID: AMD-SB-4005 Potential Impact: Arbitrary Code Execution Severity: High Summary CVE-2023-20589 Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical...
PT-2022-9746 · Suse · Suse
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient bound checks in the System Management Unit SMU, which may cause a system voltage malfunction. This could potentiall...