fTPM voltage fault injection attack in AMD processors
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-20589 |
| CWE-ID | CWE-254 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
AMD Ryzen 3000 Series Desktop processors Hardware solutions / Firmware AMD Ryzen PRO 3000 Series Desktop Processors Hardware solutions / Firmware AMD Ryzen 3000 Series Desktop Processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen PRO 3000 Series Processors with Radeon Vega Graphics Hardware solutions / Firmware AMD Athlon 3000 Series Processors with Radeon Graphics Hardware solutions / Firmware AMD Athlon PRO 3000 Series Processors with Radeon Vega Graphics Hardware solutions / Firmware AMD Ryzen 4000 Series Desktop processors with Radeon graphics Hardware solutions / Firmware AMD Ryzen PRO 4000 Series Desktop Processors Hardware solutions / Firmware AMD Ryzen 5000 Series Desktop Processors Hardware solutions / Firmware AMD Ryzen 5000 Series Desktop Processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen PRO 5000 Series Desktop Processors Hardware solutions / Firmware AMD Ryzen Threadripper 2000 Series Processors Hardware solutions / Firmware AMD Ryzen Threadripper 5000 Series Processors Hardware solutions / Firmware AMD Ryzen Threadripper 3000 Series Processors Hardware solutions / Firmware AMD Athlon 3000 Series Mobile processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen 5000 Series Processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen PRO 5000 Series Processors Hardware solutions / Firmware AMD Ryzen 6000 Series Processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen PRO 6000 Series Processors Hardware solutions / Firmware AMD Ryzen 7020 Series Processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen 7030 Series Processors with Radeon Graphics Hardware solutions / Firmware AMD Ryzen PRO 7030 Series Processors Hardware solutions / Firmware AMD Ryzen 7035 Series Processors with Radeon Graphics Hardware solutions / Firmware |
| Vendor | AMD |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security features bypass
EUVDB-ID: #VU79173
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-20589
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to the way ASP secure boot is implemented. An attacker with physical access to device can use specialized hardware to perform a voltage fault injection attack, compromise the ASP secure boot and execute arbitrary code on the system.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAMD Ryzen 3000 Series Desktop processors: All versions
AMD Ryzen PRO 3000 Series Desktop Processors: All versions
AMD Ryzen 3000 Series Desktop Processors with Radeon Graphics: All versions
AMD Ryzen PRO 3000 Series Processors with Radeon Vega Graphics: All versions
AMD Athlon 3000 Series Processors with Radeon Graphics: All versions
AMD Athlon PRO 3000 Series Processors with Radeon Vega Graphics: All versions
AMD Ryzen 4000 Series Desktop processors with Radeon graphics: All versions
AMD Ryzen PRO 4000 Series Desktop Processors: All versions
AMD Ryzen 5000 Series Desktop Processors: All versions
AMD Ryzen 5000 Series Desktop Processors with Radeon Graphics: All versions
AMD Ryzen PRO 5000 Series Desktop Processors: All versions
AMD Ryzen Threadripper 2000 Series Processors: All versions
AMD Ryzen Threadripper 5000 Series Processors: All versions
AMD Ryzen Threadripper 3000 Series Processors: All versions
AMD Athlon 3000 Series Mobile processors with Radeon Graphics: All versions
AMD Ryzen 5000 Series Processors with Radeon Graphics: All versions
AMD Ryzen PRO 5000 Series Processors: All versions
AMD Ryzen 6000 Series Processors with Radeon Graphics: All versions
AMD Ryzen PRO 6000 Series Processors: All versions
AMD Ryzen 7020 Series Processors with Radeon Graphics: All versions
AMD Ryzen 7030 Series Processors with Radeon Graphics: All versions
AMD Ryzen PRO 7030 Series Processors: All versions
AMD Ryzen 7035 Series Processors with Radeon Graphics: All versions
External linkshttp://www.amd.com/en/resources/product-security/bulletin/amd-sb-4005.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
