CVE-2023-20540 - Vulnerability Details

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

Attack Vector Local

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Amd	Ryzen 3000 Series Desktop Processors Ryzen 5000 Series Desktop Processors Ryzen Threadripper 3000 Series Processors Ryzen Threadripper Pro 3000 Wx-series Processors Ryzen Threadripper Pro 5000 Wx-series Processors

No data.

References

Link	Providers
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4012.html

History

Mon, 29 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd ryzen 3000 Series Desktop Processors Amd ryzen 5000 Series Desktop Processors Amd ryzen Threadripper 3000 Series Processors Amd ryzen Threadripper Pro 3000 Wx-series Processors Amd ryzen Threadripper Pro 5000 Wx-series Processors
Vendors & Products		Amd Amd ryzen 3000 Series Desktop Processors Amd ryzen 5000 Series Desktop Processors Amd ryzen Threadripper 3000 Series Processors Amd ryzen Threadripper Pro 3000 Wx-series Processors Amd ryzen Threadripper Pro 5000 Wx-series Processors

Fri, 26 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 26 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description		An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
Weaknesses		CWE-208
References		https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4012.html
Metrics		cvssV4_0 `{'score': 1.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2026-06-26T15:44:59.841Z

Updated: 2026-06-26T16:00:59.349Z

Reserved: 2022-10-27T18:53:39.742Z

Link: CVE-2023-20540

Vulnrichment

Updated: 2026-06-26T16:00:53.648Z

NVD

No data.

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object