Main Vulnerability Database Vulnerabilities #VU84027

Input validation error in AMD products - CVE-2023-20526

Published: December 8, 2023

Vulnerability identifier: #VU84027

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-20526

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: AMD

Affected software:
1st Gen AMD EPYC Processors
2nd Gen AMD EPYC Processors
3rd Gen AMD EPYC Processors

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the ASP Bootloader. An attacker with physical access to device can read contents of ASP memory.

How to mitigate CVE-2023-20526

Install updates from vendor's website.

Sources

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3002.html

Input validation error in AMD products - CVE-2023-20526

Detailed vulnerability description

How to mitigate CVE-2023-20526

Sources

Please verify you're human