Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
May 09, 2023 - 19:15 nvd
HIGH 7.5

DescriptionNVD

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.

AnalysisAI

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity. Affected products include: Amd Epyc 72F3 Firmware, Amd Epyc 7313 Firmware, Amd Epyc 7313P Firmware, Amd Epyc 7343 Firmware, Amd Epyc 7373X Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2023-20520 CRITICAL
9.8 May 09

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-b

CVE-2023-20569 MEDIUM POC
4.7 Aug 08

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. R

CVE-2021-26340 HIGH
8.4 Dec 10

A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to fl

CVE-2024-21980 HIGH
7.9 Aug 05

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a g

CVE-2024-21978 HIGH
7.9 Aug 05

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially le

CVE-2021-26335 HIGH
7.8 Nov 16

Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to us

CVE-2021-26331 HIGH
7.8 Nov 16

AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox ent

CVE-2021-26323 HIGH
7.8 Nov 16

Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. Rated high se

CVE-2021-26315 HIGH
7.8 Nov 16

When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW,

CVE-2021-26326 HIGH
7.8 Nov 16

Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. Rated high severity (CVSS 7.8)

CVE-2023-20566 HIGH
7.5 Nov 14

Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integri

CVE-2023-20533 HIGH
7.5 Nov 14

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an inva

Share

CVE-2023-20524 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy