Lucene search
AMDVULNRICHMENT:CVE-2023-20518HistoryAug 13, 2024 - 4:52 p.m.
CVE-2023-20518
2024-08-1316:52:55
AMD
github.com
1
asp
master encryption key
bios menu
uefi shell
memory exfiltration vulnerability
confidentiality
CVSS3
1.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
CNA Affected
[
{
"vendor": "AMD",
"product": "AMD EPYC⢠9004 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.4",
"versionType": "PI"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠3000 Series Desktop Processors",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V1 1.0.0.A"
},
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠5000 Series Desktop Processors",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠5000 Series Desktop Processor with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠7000 Series Desktop Processors",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.6"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Athlon⢠3000 Series Desktop Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
},
{
"status": "unaffected",
"version": "ComboAM4V1 1.0.0.A"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠4000 Series Desktop Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 1.2.0.A"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Threadripper⢠3000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.9"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Threadripper⢠PRO 3000WX Series Processors",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.B"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Threadripper⢠PRO 5000WX Processors",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.6"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Athlon⢠3000 Series Mobile Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.F"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Athlon⢠3000 Series Mobile Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.5"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠3000 Series Mobile Processor with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.F"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠4000 Series Mobile Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.C"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠5000 Series Mobile Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠5000 Series Mobile Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠7020 Series Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.4"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠6000 Series Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.8"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠7035 Series Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.8"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠5000 Series Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠3000 Series Processors with Radeon⢠Graphics",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.E"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded R1000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded R2000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded 5000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.3"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded 7000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded V1000 Series Processors",
"versions": [
{
"status": "affected",
"version": "various"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded V2000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.8"
}
],
"defaultStatus": "affected"
},
{
"vendor": "AMD",
"product": "AMD Ryzen⢠Embedded V3000 Series Processors",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.5"
}
],
"defaultStatus": "affected"
}
]Related
cve
cve
CVE-2023-20518
2024-08-13 17:15:19
nvd
nvd
CVE-2023-20518
2024-08-13 17:15:19
cvelist
cvelist
CVE-2023-20518
2024-08-13 16:52:55
amd
amd
AMD Server Vulnerabilities â August 2024
2024-08-13 00:00:00
Client Vulnerabilities â Aug 2024
2024-08-13 00:00:00
AMD Embedded Processors Vulnerabilities â Aug 2024
2024-08-13 00:00:00
CVSS3
1.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
AI Score
6.7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-20518