Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (AMD) · only source for this CVE.
CVSS VectorVendor: AMD
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
AnalysisAI
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input,. Rated low severity (CVSS 1.8). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-208. An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity. Affected products include: Amd Amd Ryzen™ 3000 Series Desktop Processors, Amd Amd Ryzen™ 5000 Series Desktop Processors, Amd Amd Ryzen™ Threadripper™ 3000 Series Processors, Amd Amd Ryzen™ Threadripper™ Pro 3000Wx Series Processors, Amd Amd Ryzen™ Threadripper™ Pro 5000 Wx-Series Processors.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker
DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrat
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against th
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside th
Same weakness CWE-208 – Observable Timing Discrepancy
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2023-60597
GHSA-q66m-cmxr-cpcf