First published: Tue Nov 14 2023(Updated: )
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
Credit: psirt@amd.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Amd Epyc Server Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7001 Firmware | ||
All of | ||
AMD EPYC 7251 Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7251 Firmware | ||
All of | ||
AMD EPYC 7261 Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7261 | ||
All of | ||
Amd Epyc Server Firmware | <naplespi_1.0.0.h | |
AMD EPYC Server | ||
All of | ||
Amd Epyc Server Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7301 Firmware | ||
All of | ||
AMD EPYC 7351P Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7351 Firmware | ||
All of | ||
AMD EPYC 7351P Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7351P Firmware | ||
All of | ||
AMD EPYC 7371 Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7371 Firmware | ||
All of | ||
AMD EPYC 7401P Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7401 Firmware | ||
All of | ||
AMD EPYC 7401P Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7401P Firmware | ||
All of | ||
AMD EPYC 7451 Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7451 Firmware | ||
All of | ||
AMD EPYC 7501 Firmware | <naplespi_1.0.0.h | |
AMD EPYC Server | ||
All of | ||
AMD EPYC 7551P Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7551 Firmware | ||
All of | ||
AMD EPYC 7551P Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7551P Firmware | ||
All of | ||
AMD EPYC 7601 Firmware | <naplespi_1.0.0.h | |
AMD EPYC 7601 Firmware | ||
All of | ||
AMD EPYC 7232p firmware | <romepi_1.0.0.d | |
AMD EPYC 7232p firmware | ||
All of | ||
AMD EPYC 7252 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7252 Firmware | ||
All of | ||
AMD EPYC 7262 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7262 Firmware | ||
All of | ||
AMD EPYC 7272 firmware | <romepi_1.0.0.d | |
AMD EPYC 7272 firmware | ||
All of | ||
AMD EPYC 7282 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7282 Firmware | ||
All of | ||
Amd Epyc Server Firmware | <romepi_1.0.0.d | |
AMD EPYC 7302 Firmware | ||
All of | ||
AMD EPYC 7302P Firmware | <romepi_1.0.0.d | |
AMD EPYC 7302P Firmware | ||
All of | ||
AMD EPYC Firmware | <romepi_1.0.0.d | |
AMD EPYC 7352 firmware | ||
All of | ||
Amd Epyc Server Firmware | <romepi_1.0.0.d | |
AMD EPYC 7402 Firmware | ||
All of | ||
AMD EPYC 7402P Firmware | <romepi_1.0.0.d | |
AMD EPYC 7402P Firmware | ||
All of | ||
AMD EPYC 7452 Firmware | <romepi_1.0.0.d | |
AMD EPYC Server | ||
All of | ||
AMD EPYC 7502 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7502 firmware | ||
All of | ||
AMD EPYC 7502P Firmware | <romepi_1.0.0.d | |
AMD EPYC 7502P Firmware | ||
All of | ||
AMD EPYC 7532 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7532 Firmware | ||
All of | ||
AMD EPYC 7542 Firmware | <romepi_1.0.0.d | |
AMD EPYC Server | ||
All of | ||
AMD EPYC 7552 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7552 Firmware | ||
All of | ||
AMD EPYC 7642 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7642 Firmware | ||
All of | ||
AMD EPYC 7662 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7662 Firmware | ||
All of | ||
AMD EPYC 7702p firmware | <romepi_1.0.0.d | |
AMD EPYC Server | ||
All of | ||
AMD EPYC 7702 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7702P | ||
All of | ||
AMD EPYC 7742 Firmware | <romepi_1.0.0.d | |
AMD EPYC Server | ||
All of | ||
AMD EPYC 7F32 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7F32 Firmware | ||
All of | ||
AMD EPYC 7F52 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7F52 Firmware | ||
All of | ||
AMD EPYC 7F72 | <romepi_1.0.0.d | |
AMD EPYC 7F72 Firmware | ||
All of | ||
AMD EPYC 7H12 Firmware | <romepi_1.0.0.d | |
AMD EPYC 7H12 Firmware | ||
All of | ||
AMD EPYC 7763 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7763 Firmware | ||
All of | ||
AMD EPYC 7713P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7713P Firmware | ||
All of | ||
AMD EPYC 7713P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7713 Firmware | ||
All of | ||
AMD EPYC 7663P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7663P Firmware | ||
All of | ||
AMD EPYC 7663 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7663 Firmware | ||
All of | ||
AMD EPYC Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7643P Firmware | ||
All of | ||
AMD EPYC 7773X Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7773X Firmware | ||
All of | ||
AMD EPYC 7643P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7643 Firmware | ||
All of | ||
AMD EPYC 7573X Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7573X Firmware | ||
All of | ||
AMD EPYC 75F3 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 75F3 Firmware | ||
All of | ||
AMD EPYC 7543P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7543P Firmware | ||
All of | ||
Amd Epyc Server Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7543 Firmware | ||
All of | ||
AMD EPYC 7513 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7513 Firmware | ||
All of | ||
AMD EPYC 7473X Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7473X Firmware | ||
All of | ||
Amd Epyc Server Firmware | <milanpi_1.0.0.7 | |
AMD EPYC Server | ||
All of | ||
AMD EPYC 74F3 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 74F3 Firmware | ||
All of | ||
AMD EPYC 7443P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7443P Firmware | ||
All of | ||
AMD EPYC 7443P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7443P | ||
All of | ||
AMD EPYC 7413 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7413 Firmware | ||
All of | ||
AMD EPYC 7373X Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7373X Firmware | ||
All of | ||
AMD EPYC 73F3 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 73F3 Firmware | ||
All of | ||
Amd Epyc Server Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7343 Firmware | ||
All of | ||
AMD EPYC 7313P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7313P Firmware | ||
All of | ||
AMD EPYC Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7313 Firmware | ||
All of | ||
AMD EPYC 7303P Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7303P | ||
All of | ||
AMD EPYC 7303 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7303 Firmware | ||
All of | ||
AMD EPYC 72F3 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 72F3 Firmware | ||
All of | ||
AMD EPYC Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7203P Firmware | ||
All of | ||
AMD EPYC 7203 Firmware | <milanpi_1.0.0.7 | |
AMD EPYC 7203 Firmware | ||
All of | ||
AMD Athlon Pro 300GE Firmware | ||
AMD Athlon Pro 300GE Firmware | ||
All of | ||
AMD Athlon Gold Pro 3150GE | ||
AMD Athlon Gold Pro 3150GE Firmware | ||
All of | ||
AMD Athlon Gold Pro 3150G Firmware | ||
AMD Athlon Gold 3150G Firmware | ||
All of | ||
AMD Athlon Gold Pro 3150G Firmware | ||
AMD Athlon Gold Pro 3150G Firmware | ||
All of | ||
AMD Ryzen Threadripper 2990WX | <summitpi-sp3r2_1.1.0.6 | |
AMD Ryzen Threadripper 2990WX | ||
All of | ||
AMD Ryzen Threadripper 2970WX Firmware | <summitpi-sp3r2_1.1.0.6 | |
AMD Ryzen Threadripper 2970WX Firmware | ||
All of | ||
AMD Ryzen Threadripper 2950X Firmware | <summitpi-sp3r2_1.1.0.6 | |
AMD Ryzen Threadripper 2950X Firmware | ||
All of | ||
AMD Ryzen Threadripper 2920X | <summitpi-sp3r2_1.1.0.6 | |
AMD Ryzen Threadripper 2920X Firmware | ||
All of | ||
AMD Ryzen 7 3780U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 7 3780U Firmware | ||
All of | ||
AMD Ryzen 7 3750H Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 7 3750H Firmware | ||
All of | ||
AMD Ryzen 7 3700C Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 7 3700C Firmware | ||
All of | ||
AMD Ryzen 7 Pro 3700U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 7 3700U | ||
All of | ||
AMD Ryzen 5 3580U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 5 3580U Firmware | ||
All of | ||
AMD Ryzen 5 3550H Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 5 3550H Firmware | ||
All of | ||
AMD Ryzen 5 3500C Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 5 3500C Firmware | ||
All of | ||
AMD Ryzen 5 Pro 3500U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 5 3500U Firmware | ||
All of | ||
AMD Ryzen 5 3450U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 5 3450U | ||
All of | ||
AMD Ryzen 3 3350U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 3 3350U Firmware | ||
All of | ||
AMD Ryzen 3 Pro 3300U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 3 Pro 3300U | ||
All of | ||
AMD Ryzen 3 3250U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 3 3250U Firmware | ||
All of | ||
AMD Ryzen 3 3250C Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 3 3250C Firmware | ||
All of | ||
AMD Ryzen 3 3200U Firmware | <picassopi-fp5_1.0.0.e | |
AMD Ryzen 3 3200U Firmware | ||
All of | ||
AMD 3015e firmware | <pollockpi-ft5_1.0.0.4 | |
AMD 3015e firmware | ||
All of | ||
AMD 3015CE Firmware | <pollockpi-ft5_1.0.0.4 | |
AMD AMD 3015ce firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-20521 is considered high due to the potential compromise of confidentiality and denial of service.
To fix CVE-2023-20521, update to the latest firmware version provided by AMD that addresses this vulnerability.
CVE-2023-20521 affects specific AMD EPYC processor firmware versions prior to the latest release.
CVE-2023-20521 involves a time-of-check to time-of-use (TOCTOU) vulnerability that allows an attacker with physical access to manipulate SPI ROM records.
Exploitation of CVE-2023-20521 could lead to unauthorized access to sensitive data or denial of service due to compromised firmware integrity.