Strix
26.1K

CVE-2023-20589

MEDIUMCVSS 6.8/10EPSS 0.51%

Last modified

CVE-2023-20589 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.  . EPSS estimates a 0.51% chance of exploitation in the next 30 days.

Description

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 

Metrics

CVSS 3.1
6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.51%

39.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
AmdRyzen 5 Pro 3400g FirmwareAll versions
AmdRyzen 5 3400g FirmwareAll versions
AmdRyzen 5 Pro 3400ge FirmwareAll versions
AmdRyzen 5 Pro 3350g FirmwareAll versions
AmdRyzen 5 Pro 3350ge FirmwareAll versions
AmdRyzen 3 Pro 3200g FirmwareAll versions
AmdRyzen 3 3200g FirmwareAll versions
AmdRyzen 3 3200ge FirmwareAll versions
AmdRyzen 3 Pro 3200ge FirmwareAll versions
AmdRyzen 9 3950x FirmwareAll versions
AmdRyzen 9 3900xt FirmwareAll versions
AmdRyzen 9 3900x FirmwareAll versions
AmdRyzen 9 3900 FirmwareAll versions
AmdRyzen 7 3800xt FirmwareAll versions
AmdRyzen 7 3800x FirmwareAll versions
AmdRyzen 7 3700x FirmwareAll versions
AmdRyzen 5 3600xt FirmwareAll versions
AmdRyzen 5 3600x FirmwareAll versions
AmdRyzen 5 3600 FirmwareAll versions
AmdRyzen 5 3500x FirmwareAll versions
AmdRyzen 5 3500 FirmwareAll versions
AmdRyzen 3 3300x FirmwareAll versions
AmdRyzen 3 3100 FirmwareAll versions
AmdRyzen Threadripper Pro 3995wx FirmwareAll versions
AmdRyzen Threadripper Pro 3975wx FirmwareAll versions
AmdRyzen Threadripper Pro 3955wx FirmwareAll versions
AmdRyzen Threadripper Pro 3945wx FirmwareAll versions
AmdRyzen Threadripper 3990x FirmwareAll versions
AmdRyzen Threadripper 3970x FirmwareAll versions
AmdRyzen Threadripper 3960x FirmwareAll versions
Amd4700s FirmwareAll versions
AmdRyzen 5 4500 FirmwareAll versions
AmdRyzen 3 4100 FirmwareAll versions
AmdRyzen 7 4700g FirmwareAll versions
AmdRyzen 7 4700ge FirmwareAll versions
AmdRyzen 5 4600g FirmwareAll versions
AmdRyzen 5 4600ge FirmwareAll versions
AmdRyzen 3 4300g FirmwareAll versions
AmdRyzen 3 4300ge FirmwareAll versions
AmdRyzen 9 5950x FirmwareAll versions
AmdRyzen 9 5900x FirmwareAll versions
AmdRyzen 9 5900 FirmwareAll versions
AmdRyzen 9 Pro 5945 FirmwareAll versions
AmdRyzen 7 5800x3d FirmwareAll versions
AmdRyzen 7 5800x FirmwareAll versions
AmdRyzen 7 5800 FirmwareAll versions
AmdRyzen 7 5700x FirmwareAll versions
AmdRyzen 7 Pro 5845 FirmwareAll versions
AmdRyzen 5 5600x3d FirmwareAll versions
AmdRyzen 5 5600x FirmwareAll versions

Showing 50 of 122 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-20589?
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
How severe is CVE-2023-20589?
CVE-2023-20589 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.51% probability of exploitation in the next 30 days.
How do I fix CVE-2023-20589?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-20589?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST