CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
23.1%
**Bulletin ID:**AMD-SB-4005 **Potential Impact:**Arbitrary Code Execution **Severity:**High
CVE-2023-20589
Researchers at the Technische Universität Berlin have reported the use of voltage fault injection attacks on ASP secure boot targeting fTPM. An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20589 | High | An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. |
AMD Ryzen ™ “Zen 1”, “Zen 2”, and “Zen3” microarchitecture-based platforms.
AMD believes the methods described in the report can only be applied on individual units and with prolonged physical access. Physical attacks are not part of the threat protection model for the affected AMD products. AMD believes a platform-level mitigation is possible for systems that support an Embedded Security Controller (ESC)/Platform Root-of-trust (PRoT). AMD recommends OEMs investigate the feasibility of this mitigation on affected systems.