CVE-2023-20570

LOW | CVSS 3.3/10 | EPSS 0.10%

CVE-2023-20570 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. EPSS estimates a 0.10% chance of exploitation in the next 30 days.

Description

Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.

Metrics

CVSS 3.1
3.3/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Probability
0.10%

1.2th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Amd | Alveo U50 Firmware | All versions |
| Amd | Alveo U200 Firmware | All versions |
| Amd | Alveo U250 Firmware | All versions |
| Amd | Alveo U280 Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku3p Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku5p Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku9p Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku11p Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku13p Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku15p Firmware | All versions |
| Amd | Kintex Ultrascale\+ Ku19p Firmware | All versions |
| Amd | Kintex Ultrascale Ku025 Firmware | All versions |
| Amd | Kintex Ultrascale Ku035 Firmware | All versions |
| Amd | Kintex Ultrascale Ku040 Firmware | All versions |
| Amd | Kintex Ultrascale Ku060 Firmware | All versions |
| Amd | Kintex Ultrascale Ku085 Firmware | All versions |
| Amd | Kintex Ultrascale Ku095 Firmware | All versions |
| Amd | Kintex Ultrascale Ku115 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu065 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu080 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu095 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu125 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu160 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu190 Firmware | All versions |
| Amd | Virtex Ultrascale Xcvu440 Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu3p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu5p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu7p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu9p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu11p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu13p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu19p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu23p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu27p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu29p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu31p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu33p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu35p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu37p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu45p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu47p Firmware | All versions |
| Amd | Virtex Ultrascale\+ Vu57p Firmware | All versions |
| Amd | Artix Ultrascale\+ Au7p Firmware | All versions |
| Amd | Artix Ultrascale\+ Au10p Firmware | All versions |
| Amd | Artix Ultrascale\+ Au15p Firmware | All versions |
| Amd | Artix Ultrascale\+ Au20p Firmware | All versions |
| Amd | Artix Ultrascale\+ Au25p Firmware | All versions |

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-20570?
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.

How severe is CVE-2023-20570?
CVE-2023-20570 has a CVSS score of 3.3/10 (LOW severity). The EPSS model estimates a 0.10% probability of exploitation in the next 30 days.

How do I fix CVE-2023-20570?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST