CVE-2023-20518

LOW

BIOS/UEFI - Info Disclosure

Title source: llm

Description

Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

References (2)

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html

[Vendor Advisory] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html

Scores

CVSS v3 1.9

EPSS 0.0005

EPSS Percentile 16.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-459

Status published

Products (31)

AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4V1 1.0.0.A

AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics ComboAM4V2 1.2.0.A

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PicassoPI-FP5 1.0.0.F

AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics PollockPI-FT5 1.0.0.5

AMD/AMD EPYC™ 9004 Series Processors GenoaPI 1.0.0.4

AMD/AMD Ryzen™ 3000 Series Desktop Processors ComboAM4V1 1.0.0.A

AMD/AMD Ryzen™ 3000 Series Desktop Processors ComboAM4V2 1.2.0.A

AMD/AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics PicassoPI-FP5 1.0.0.F

AMD/AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics CezannePI-FP6 1.0.0.E

AMD/AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics ComboAM4V2 1.2.0.A

... and 21 more

Published Aug 13, 2024

Tracked Since Feb 18, 2026