Vulnerability in Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data i…

Affected products

Amd Athlon™ 3000 Series Desktop Processors With Radeon™ Graphics — versions ComboAM4v2PI 1.2.0.CA
Amd Athlon™ 3000 Series Mobile Processors With Radeon™ Graphics — versions Picasso-FP5 1.0.1.1, Pollock-FT5 1.0.0.7
Amd Ryzen™ 3000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.CA, ComboAM4PI 1.0.0.F
Amd Ryzen™ 4000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.CA
Amd Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics — versions Renoir-FP6 1.0.0.D
Amd Ryzen™ 5000 Series Desktop Processors — versions ComboAM4v2PI 1.2.0.CA
Amd Ryzen™ 5000 Series Processors With Radeon™ Graphics — versions Cezanne-FP6 1.0.1.0
Amd Ryzen™ 6000 Series Processors With Radeon™ Graphics — versions Rembrandt-FP7 1.0.0.A
Amd Ryzen™ 7000 Series Desktop Processors — versions ComboAM5 1.0.0.7a
Amd Ryzen™ 7020 Series Processors With Radeon™ Graphics — versions MendocinoPI-FT6 1.0.0.6

Weakness classification (CWE)

CWE-208

References

psirt@amd.com