CVE-2023-20521
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/11/2023
Last modified:
18/06/2024
Description
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
Impact
Base Score 3.x
5.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7261_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7281_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7301_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7351_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7351p_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7371_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) |
To consult the complete list of CPE names with products and versions, see this page