CVE-2023-20521
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-20521
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
AMD EPYC 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AMD EPYC是美国超威半导体(AMD)公司的一款x86架构服务器微处理器产品线,中文名为“霄龙”,采用Zen微架构。 AMD EPYC 存在安全漏洞,该漏洞源于 ASP 引导加载程序中的 TOCTOU 可能允许具有物理访问权限的攻击者在验证内存内容后篡改 SPI ROM 记录,从而可能导致机密性丢失或拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AMD | Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 | various | - | |
| AMD | Ryzen™ Threadripper™ 2000 Series Processors “Colfax” | various | - | |
| AMD | Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 | various | - | |
| AMD | Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” | various | - | |
| AMD | Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 | various | - | |
| AMD | 1st Gen AMD EPYC™ Processors | various | - | |
| AMD | 2nd Gen AMD EPYC™ Processors | various | - | |
| AMD | 3rd Gen AMD EPYC™ Processors | various | - | |
| AMD | AMD EPYC™ Embedded 3000 | various | - | |
| AMD | AMD EPYC™ Embedded 7002 | various | - | |
| AMD | AMD EPYC™ Embedded 7003 | various | - | |
| AMD | AMD Ryzen™ Embedded R1000 | various | - | |
| AMD | AMD Ryzen™ Embedded R2000 | various | - | |
| AMD | AMD Ryzen™ Embedded V1000 | various | - |
II. Public POCs for CVE-2023-20521
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-20521
请登录查看更多情报信息。
Same Patch Batch · AMD · 2023-11-14 · 20 CVEs total
| CVE-2022-23820 | 7.5 HIGH | AMD EPYC 安全漏洞 |
| CVE-2021-46774 | 6.7 MEDIUM | AMD EPYC 安全漏洞 |
| CVE-2023-20533 | 6.1 MEDIUM | AMD EPYC 安全漏洞 |
| CVE-2023-20566 | 5.3 MEDIUM | AMD EPYC 安全漏洞 |
| CVE-2021-46766 | 2.5 LOW | AMD EPYC 安全漏洞 |
| CVE-2023-20526 | 1.9 LOW | AMD EPYC 安全漏洞 |
| CVE-2022-23830 | 1.9 LOW | AMD EPYC 安全漏洞 |
| CVE-2021-26345 | 1.9 LOW | AMD EPYC 缓冲区错误漏洞 |
| CVE-2021-46748 | AMD Secure Processor 安全漏洞 | |
| CVE-2023-20596 | AMD Ryzen 安全漏洞 | |
| CVE-2023-20567 | AMD Graphics Driver 安全漏洞 | |
| CVE-2023-20568 | AMD Graphics Driver 安全漏洞 | |
| CVE-2023-20519 | AMD EPYC 资源管理错误漏洞 | |
| CVE-2023-20592 | AMD CPU 安全漏洞 | |
| CVE-2021-46758 | AMD Secure Processor 安全漏洞 | |
| CVE-2022-23821 | AMD System Management Mode 安全漏洞 | |
| CVE-2023-20563 | AMD CPU 安全漏洞 | |
| CVE-2023-20565 | AMD CPU 安全漏洞 | |
| CVE-2023-20571 | AMD CPU 安全漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2023-20521
No comments yet