Amd Athlon 3000 Series Mobile Processors With Radeon Graphics
CVE-2023-20572
|
EUVD-2023-60598
MEDIUM
Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (AMD) · only source for this CVE.
CVSS VectorVendor: AMD
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
AnalysisAI
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message,. Rated medium severity (CVSS 5.6). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-208. An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity. Affected products include: Amd Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics, Amd Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics, Amd Amd Ryzen™ 7030 Series Mobile Processors With Radeon™ Graphics, Amd Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics, Amd Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker
DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrat
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside th
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly cre
Same weakness CWE-208 – Observable Timing Discrepancy
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-p6jw-r4v7-58qx