Epyc 72F3 Firmware
CVE-2023-20520
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.
AnalysisAI
Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. Affected products include: Amd Epyc 72F3 Firmware, Amd Epyc 7313 Firmware, Amd Epyc 7313P Firmware, Amd Epyc 7343 Firmware, Amd Epyc 7373X Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Epyc 72F3 Firmware
View allA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. R
A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a g
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially le
Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. Rated high se
When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW,
Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. Rated high severity (CVSS 7.8)
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integri
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today