CVE-2023-20521 Vulnerability Details

  /     /     /  

CVE-2023-20521 Metadata Quick Info

CVE Published: 14/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: AMD | Vendor: AMD | Product: Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4
Status : PUBLISHED

---

CVE-2023-20521 Description

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Metrics

CVSS Version: 3.1 | Base Score: 3.3 LOW
Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: AMD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).