Home

Description

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

PUBLISHED Reserved 2022-10-27 | Published 2026-06-26 | Updated 2026-06-26 | Assigner AMD




MEDIUM: 5.6CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-208 Observable timing discrepancy

Product status

Default status
affected

Picasso-FP5 1.0.1.1
unaffected

Default status
affected

Pollock-FT5 1.0.0.7
unaffected

Default status
affected

Cezanne-FP6 1.0.1.0
unaffected

Default status
affected

Cezanne-FP6 1.0.1.0
unaffected

Default status
affected

Renoir-FP6 1.0.0.D
unaffected

Default status
affected

Rembrandt-FP7 1.0.0.A
unaffected

Default status
affected

MendocinoPI-FT6 1.0.0.6
unaffected

Default status
affected

ComboAM4v2PI 1.2.0.CA
unaffected

Default status
affected

ComboAM4v2PI 1.2.0.CA
unaffected

Default status
affected

ComboAM4v2PI 1.2.0.CA
unaffected

ComboAM4PI 1.0.0.F
unaffected

Default status
affected

ComboAM4v2PI 1.2.0.CA
unaffected

Default status
affected

ComboAM4v2PI 1.2.0.CA
unaffected

Default status
affected

ComboAM5 1.0.0.7a
unaffected

Default status
affected

ComboAM5 1.0.0.7a
unaffected

Default status
affected

CastlePeakPI-SP3r3 1.0.0.C
unaffected

Default status
affected

CastlePeakWSPI-sWRX8 1.0.0.E
unaffected

Default status
affected

ChagallWSPI-sWRX8 1.0.0.9
unaffected

Default status
affected

StormPeakPI-SP6 1.1.0.0c
unaffected

Default status
affected

StormPeakPI-SP6 1.0.0.1e
unaffected

References

www.amd.com/...es/product-security/bulletin/amd-sb-4012.html

cve.org (CVE-2023-20572)

nvd.nist.gov (CVE-2023-20572)

Download JSON