Skip to main content

Epyc 7001 Firmware CVE-2023-20521

MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2023-11-14 psirt@amd.com
Denial Of Service Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware Epyc 7281 Firmware Epyc 7301 Firmware Epyc 7351 Firmware Epyc 7351P Firmware Epyc 7371 Firmware Epyc 7401 Firmware Epyc 7401P Firmware Epyc 7451 Firmware Epyc 7501 Firmware Epyc 7551 Firmware Epyc 7551P Firmware Epyc 7601 Firmware Epyc 7232P Firmware Epyc 7252 Firmware Epyc 7262 Firmware Epyc 7272 Firmware Epyc 7282 Firmware Epyc 7302 Firmware Epyc 7302P Firmware Epyc 7352 Firmware Epyc 7402 Firmware Epyc 7402P Firmware Epyc 7452 Firmware Epyc 7502 Firmware Epyc 7502P Firmware Epyc 7532 Firmware Epyc 7542 Firmware Epyc 7552 Firmware Epyc 7642 Firmware Epyc 7662 Firmware Epyc 7702 Firmware Epyc 7702P Firmware Epyc 7742 Firmware Epyc 7F32 Firmware Epyc 7F52 Firmware Epyc 7F72 Firmware Epyc 7H12 Firmware Epyc 7763 Firmware Epyc 7713P Firmware Epyc 7713 Firmware Epyc 7663P Firmware Epyc 7663 Firmware Epyc 7643P Firmware Epyc 7773X Firmware Epyc 7643 Firmware Epyc 7573X Firmware Epyc 75F3 Firmware Epyc 7543P Firmware Epyc 7543 Firmware Epyc 7513 Firmware Epyc 7473X Firmware Epyc 7453 Firmware Epyc 74F3 Firmware Epyc 7443P Firmware Epyc 7443 Firmware Epyc 7413 Firmware Epyc 7373X Firmware Epyc 73F3 Firmware Epyc 7343 Firmware Epyc 7313P Firmware Epyc 7313 Firmware Epyc 7303P Firmware Epyc 7303 Firmware Epyc 72F3 Firmware Epyc 7203P Firmware Epyc 7203 Firmware Athlon Pro 300Ge Firmware Athlon Gold Pro 3150Ge Firmware Athlon Gold 3150G Firmware Athlon Gold Pro 3150G Firmware Ryzen Threadripper 2990Wx Firmware Ryzen Threadripper 2970Wx Firmware Ryzen Threadripper 2950X Firmware Ryzen Threadripper 2920X Firmware Ryzen 7 3780U Firmware Ryzen 7 3750H Firmware Ryzen 7 3700C Firmware Ryzen 7 3700U Firmware Ryzen 5 3580U Firmware Ryzen 5 3550H Firmware Ryzen 5 3500C Firmware Ryzen 5 3500U Firmware Ryzen 5 3450U Firmware Ryzen 3 3350U Firmware Ryzen 3 3300U Firmware Ryzen 3 3250U Firmware Ryzen 3 3250C Firmware Ryzen 3 3200U Firmware Amd 3015E Firmware Amd 3015Ce Firmware
5.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2023 - 19:15 nvd
MEDIUM 5.7

DescriptionNVD

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

AnalysisAI

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-367. TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. Affected products include: Amd Epyc 7001 Firmware, Amd Epyc 7251 Firmware, Amd Epyc 7261 Firmware, Amd Epyc 7281 Firmware, Amd Epyc 7301 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-26340 HIGH
8.4 Dec 10

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl

CVE-2021-26335 HIGH
7.8 Nov 16

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us

CVE-2021-26331 HIGH
7.8 Nov 16

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent

CVE-2023-20592 MEDIUM
6.5 Nov 14

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervis

CVE-2023-20527 MEDIUM
6.5 Jan 11

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, po

CVE-2022-23825 MEDIUM
6.5 Jul 14

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to in

CVE-2022-29900 MEDIUM
6.5 Jul 12

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain micr

CVE-2022-23823 MEDIUM
6.5 Jun 15

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute

CVE-2022-23824 MEDIUM
5.5 Nov 09

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential in

CVE-2021-26330 MEDIUM
5.5 Nov 16

AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. Rated med

CVE-2023-20526 MEDIUM
4.6 Nov 14

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the

Share

CVE-2023-20521 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy