CVE-2023-20521

medium

Description

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002

Details

Source: Mitre, NVD

Published: 2023-11-14

Updated: 2024-02-13

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.7

Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H