Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-459 |
Thu, 15 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 13 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality. | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: AMD
Published: 2024-08-13T16:52:55.976Z
Updated: 2024-11-05T17:10:30.170Z
Reserved: 2022-10-27T18:53:39.736Z
Link: CVE-2023-20518
Vulnrichment
Updated: 2024-08-15T14:20:32.050Z
NVD
Status : Awaiting Analysis
Published: 2024-08-13T17:15:19.330
Modified: 2024-11-05T17:35:02.627
Link: CVE-2023-20518
Redhat
No data.