Vulnerability in Amd Ryzen™ 3000 Series Desktop Processors
CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
Affected products
- Amd Ryzen™ 3000 Series Desktop Processors — versions ComboAM4 1.0.0.E, ComboAM4v2PI 1.2.0.CA
- Amd Ryzen™ 5000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.CA
- Amd Ryzen™ Threadripper™ 3000 Series Processors — versions CastlePeakPI-SP3r3 1.0.0.C
- Amd Ryzen™ Threadripper™ Pro 3000wx Series Processors — versions CastlePeakWSPI-sWRX8 1.0.0.E
- Amd Ryzen™ Threadripper™ Pro 5000 Wx-series Processors — versions ChagallWSPI-sWRX8 1.0.0.9