CVE-2023-20518 - Vulnerability Details

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

Type	Values Removed	Values Added
Weaknesses		CWE-459

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
References		https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html
Metrics		cvssV3_1 `{'score': 1.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20518", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "state": "PUBLISHED", "assignerShortName": "AMD", "dateReserved": "2022-10-27T18:53:39.736Z", "datePublished": "2024-08-13T16:52:55.976Z", "dateUpdated": "2024-11-05T17:10:30.170Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "GenoaPI 1.0.0.4", "versionType": "PI"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4V1 1.0.0.A"}, {"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM5 1.0.0.6"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}, {"status": "unaffected", "version": "ComboAM4V1 1.0.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CastlePeakPI-SP3r3  1.0.0.9"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8  1.0.0.6"}, {"status": "unaffected", "version": "CastlePeakWSPI-sWRX8  1.0.0.B"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5  1.0.0.F"}]}, {"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PollockPI-FT5   1.0.0.5"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5  1.0.0.F"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RenoirPI-FP6  1.0.0.C"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.E"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6  1.0.0.E"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.4"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.E"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.E"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5  1.2.0.A"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbAM4PI 1.0.0.3"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedAM5PI  1.0.0.0"}]}, {"defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [{"status": "affected", "version": "various"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.8"}]}, {"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.5"}]}], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>"}], "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-08-13T16:52:55.976Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"}], "source": {"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-459", "lang": "en", "description": "CWE-459 Incomplete Cleanup"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-15T14:20:09.090291Z", "id": "CVE-2023-20518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T17:10:30.170Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-20518 (string)

assignerOrgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

state : PUBLISHED (string)

assignerShortName : AMD (string)

dateReserved : 2022-10-27T18:53:39.736Z (string)

datePublished : 2024-08-13T16:52:55.976Z (string)

dateUpdated : 2024-11-05T17:10:30.170Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : affected (string)

product : AMD EPYC™ 9004 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : GenoaPI 1.0.0.4 (string)

versionType : PI (string)

}

]

}

1 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 3000 Series Desktop Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V1 1.0.0.A (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

}

2 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Desktop Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

}

3 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

}

4 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7000 Series Desktop Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM5 1.0.0.6 (string)

}

]

}

5 : { »

defaultStatus : affected (string)

product : AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4V1 1.0.0.A (string)

}

]

}

6 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

}

7 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Threadripper™ 3000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CastlePeakPI-SP3r3 1.0.0.9 (string)

}

]

}

8 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.6 (string)

}

1 : { »

status : unaffected (string)

version : CastlePeakWSPI-sWRX8 1.0.0.B (string)

}

]

}

9 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Threadripper™ PRO 5000WX Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.6 (string)

}

]

}

10 : { »

defaultStatus : affected (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.F (string)

}

]

}

11 : { »

defaultStatus : affected (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PollockPI-FT5 1.0.0.5 (string)

}

]

}

12 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.F (string)

}

]

}

13 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RenoirPI-FP6 1.0.0.C (string)

}

]

}

14 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

}

15 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

}

16 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : MendocinoPI-FT6 1.0.0.4 (string)

}

]

}

17 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.8 (string)

}

]

}

18 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.8 (string)

}

]

}

19 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

}

20 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

}

21 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded R1000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP5 1.2.0.A (string)

}

]

}

22 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded R2000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedR2KPI-FP5 1.0.0.2 (string)

}

]

}

23 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded 5000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbAM4PI 1.0.0.3 (string)

}

]

}

24 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded 7000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedAM5PI 1.0.0.0 (string)

}

]

}

25 : { »

defaultStatus : unaffected (string)

product : AMD Ryzen™ Embedded V1000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

}

26 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded V2000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP6 1.0.0.8 (string)

}

]

}

27 : { »

defaultStatus : affected (string)

product : AMD Ryzen™ Embedded V3000 Series Processors (string)

vendor : AMD (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP7r2 1.0.0.5 (string)

}

]

}

]

datePublic : 2024-08-13T16:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : <span style="background-color: rgb(255, 255, 255);"> Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.<div><div><div> </div> </div> </div> </span> (string)

}

]

value : Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 1.9 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

providerMetadata : { »

orgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

shortName : AMD (string)

dateUpdated : 2024-08-13T16:52:55.976Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (string)

}

1 : { »

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html (string)

}

]

source : { »

advisory : AMD-SB-4002, AMD-SB-3002, AMD-SB-5001 (string)

discovery : UNKNOWN (string)

}

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-459 (string)

lang : en (string)

description : CWE-459 Incomplete Cleanup (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-08-15T14:20:09.090291Z (string)

id : CVE-2023-20518 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-05T17:10:30.170Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-15T14:20:09.090291Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-15T14:20:32.050Z"}}], "cna": {"source": {"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMD", "product": "AMD EPYC\u2122 9004 Series Processors", "versions": [{"status": "unaffected", "version": "GenoaPI 1.0.0.4", "versionType": "PI"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "versions": [{"status": "unaffected", "version": "ComboAM4V1 1.0.0.A"}, {"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "versions": [{"status": "unaffected", "version": "ComboAM5 1.0.0.6"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}, {"status": "unaffected", "version": "ComboAM4V1 1.0.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "ComboAM4V2 1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "versions": [{"status": "unaffected", "version": "CastlePeakPI-SP3r3  1.0.0.9"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8  1.0.0.6"}, {"status": "unaffected", "version": "CastlePeakWSPI-sWRX8  1.0.0.B"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "versions": [{"status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5  1.0.0.F"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PollockPI-FT5   1.0.0.5"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "PicassoPI-FP5  1.0.0.F"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "RenoirPI-FP6  1.0.0.C"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6  1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.4"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "versions": [{"status": "unaffected", "version": "CezannePI-FP6 1.0.0.E"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP5  1.2.0.A"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbAM4PI 1.0.0.3"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedAM5PI  1.0.0.0"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "versions": [{"status": "affected", "version": "various"}], "defaultStatus": "unaffected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.8"}], "defaultStatus": "affected"}, {"vendor": "AMD", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "versions": [{"status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.5"}], "defaultStatus": "affected"}], "datePublic": "2024-08-13T16:00:00.000Z", "references": [{"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html", "tags": ["vendor-advisory"]}, {"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.<div><div><div>\n\n</div>\n\n</div>\n\n</div>\n\n\n\n\n\n</span>", "base64": false}]}], "providerMetadata": {"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD", "dateUpdated": "2024-08-13T16:52:55.976Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20518", "state": "PUBLISHED", "dateUpdated": "2024-11-05T17:10:30.170Z", "dateReserved": "2022-10-27T18:53:39.736Z", "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "datePublished": "2024-08-13T16:52:55.976Z", "assignerShortName": "AMD"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-20518 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-08-15T14:20:09.090291Z (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-459 (string)

description : CWE-459 Incomplete Cleanup (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-08-15T14:20:32.050Z (string)

}

]

cna : { »

source : { »

advisory : AMD-SB-4002, AMD-SB-3002, AMD-SB-5001 (string)

discovery : UNKNOWN (string)

}

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 1.9 (number)

attackVector : LOCAL (string)

baseSeverity : LOW (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : HIGH (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : LOW (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

vendor : AMD (string)

product : AMD EPYC™ 9004 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : GenoaPI 1.0.0.4 (string)

versionType : PI (string)

}

]

defaultStatus : affected (string)

}

1 : { »

vendor : AMD (string)

product : AMD Ryzen™ 3000 Series Desktop Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V1 1.0.0.A (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

2 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Desktop Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

3 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

4 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7000 Series Desktop Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM5 1.0.0.6 (string)

}

]

defaultStatus : affected (string)

}

5 : { »

vendor : AMD (string)

product : AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

1 : { »

status : unaffected (string)

version : ComboAM4V1 1.0.0.A (string)

}

]

defaultStatus : affected (string)

}

6 : { »

vendor : AMD (string)

product : AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ComboAM4V2 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

7 : { »

vendor : AMD (string)

product : AMD Ryzen™ Threadripper™ 3000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CastlePeakPI-SP3r3 1.0.0.9 (string)

}

]

defaultStatus : affected (string)

}

8 : { »

vendor : AMD (string)

product : AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.6 (string)

}

1 : { »

status : unaffected (string)

version : CastlePeakWSPI-sWRX8 1.0.0.B (string)

}

]

defaultStatus : affected (string)

}

9 : { »

vendor : AMD (string)

product : AMD Ryzen™ Threadripper™ PRO 5000WX Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : ChagallWSPI-sWRX8 1.0.0.6 (string)

}

]

defaultStatus : affected (string)

}

10 : { »

vendor : AMD (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.F (string)

}

]

defaultStatus : affected (string)

}

11 : { »

vendor : AMD (string)

product : AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PollockPI-FT5 1.0.0.5 (string)

}

]

defaultStatus : affected (string)

}

12 : { »

vendor : AMD (string)

product : AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : PicassoPI-FP5 1.0.0.F (string)

}

]

defaultStatus : affected (string)

}

13 : { »

vendor : AMD (string)

product : AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RenoirPI-FP6 1.0.0.C (string)

}

]

defaultStatus : affected (string)

}

14 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

defaultStatus : affected (string)

}

15 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

defaultStatus : affected (string)

}

16 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : MendocinoPI-FT6 1.0.0.4 (string)

}

]

defaultStatus : affected (string)

}

17 : { »

vendor : AMD (string)

product : AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

18 : { »

vendor : AMD (string)

product : AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : RembrandtPI-FP7 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

19 : { »

vendor : AMD (string)

product : AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

defaultStatus : affected (string)

}

20 : { »

vendor : AMD (string)

product : AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics (string)

versions : [ »

0 : { »

status : unaffected (string)

version : CezannePI-FP6 1.0.0.E (string)

}

]

defaultStatus : affected (string)

}

21 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded R1000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP5 1.2.0.A (string)

}

]

defaultStatus : affected (string)

}

22 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded R2000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedR2KPI-FP5 1.0.0.2 (string)

}

]

defaultStatus : affected (string)

}

23 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded 5000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbAM4PI 1.0.0.3 (string)

}

]

defaultStatus : affected (string)

}

24 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded 7000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedAM5PI 1.0.0.0 (string)

}

]

defaultStatus : affected (string)

}

25 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded V1000 Series Processors (string)

versions : [ »

0 : { »

status : affected (string)

version : various (string)

}

]

defaultStatus : unaffected (string)

}

26 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded V2000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP6 1.0.0.8 (string)

}

]

defaultStatus : affected (string)

}

27 : { »

vendor : AMD (string)

product : AMD Ryzen™ Embedded V3000 Series Processors (string)

versions : [ »

0 : { »

status : unaffected (string)

version : EmbeddedPI-FP7r2 1.0.0.5 (string)

}

]

defaultStatus : affected (string)

}

]

datePublic : 2024-08-13T16:00:00.000Z (string)

references : [ »

0 : { »

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (string)

tags : [ »

0 : vendor-advisory (string)

]

}

1 : { »

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html (string)

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : <span style="background-color: rgb(255, 255, 255);"> Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.<div><div><div> </div> </div> </div> </span> (string)

base64 : false (boolean)

}

]

}

]

providerMetadata : { »

orgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

shortName : AMD (string)

dateUpdated : 2024-08-13T16:52:55.976Z (string)

}

cveMetadata : { »

cveId : CVE-2023-20518 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-05T17:10:30.170Z (string)

dateReserved : 2022-10-27T18:53:39.736Z (string)

assignerOrgId : b58fc414-a1e4-4f92-9d70-1add41838648 (string)

datePublished : 2024-08-13T16:52:55.976Z (string)

assignerShortName : AMD (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."}, {"lang": "es", "value": "Una limpieza incompleta en la ASP puede exponer la clave de cifrado maestra (MEK) a un atacante privilegiado con acceso al men\u00fa del BIOS o al shell UEFI y una vulnerabilidad de filtraci\u00f3n de memoria, lo que podr\u00eda provocar una p\u00e9rdida de confidencialidad."}], "id": "CVE-2023-20518", "lastModified": "2024-11-05T17:35:02.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "psirt@amd.com", "type": "Secondary"}]}, "published": "2024-08-13T17:15:19.330", "references": [{"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"}, {"source": "psirt@amd.com", "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"}], "sourceIdentifier": "psirt@amd.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. (string)

}

1 : { »

lang : es (string)

value : Una limpieza incompleta en la ASP puede exponer la clave de cifrado maestra (MEK) a un atacante privilegiado con acceso al menú del BIOS o al shell UEFI y una vulnerabilidad de filtración de memoria, lo que podría provocar una pérdida de confidencialidad. (string)

}

]

id : CVE-2023-20518 (string)

lastModified : 2024-11-05T17:35:02.627 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 1.9 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.5 (number)

impactScore : 1.4 (number)

source : psirt@amd.com (string)

type : Secondary (string)

}

]

}

published : 2024-08-13T17:15:19.330 (string)

references : [ »

0 : { »

source : psirt@amd.com (string)

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html (string)

}

1 : { »

source : psirt@amd.com (string)

url : https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html (string)

}

]

sourceIdentifier : psirt@amd.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-459 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object