Description
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
Scores
CVSS v3
5.7
EPSS
0.0005
EPSS Percentile
15.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-639
Status
published
Products (20)
AMD/AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
various
AMD/AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
various
AMD/AMD EPYC™ 7001 Series Processors
various
AMD/AMD EPYC™ 7002 Series Processors
various
AMD/AMD EPYC™ 7003 Series Processors
various
AMD/AMD EPYC™ Embedded 3000 Series Processors
various
AMD/AMD EPYC™ Embedded 7002 Series Processors
various
AMD/AMD EPYC™ Embedded 7003 Series Processors
various
AMD/AMD Ryzen™ 3000 Series Desktop Processors
various
AMD/AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
various
... and 10 more
Published
Aug 13, 2024
Tracked Since
Feb 18, 2026