CVE-2023-20540
LowCVSS 1.8Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
Risk Assessment
The risk involves potential data integrity compromise in systems using ASP, which could lead to unauthorized data modifications or forgery.
Recommendation
It is recommended to apply security patches provided by the vendor (AMD) and restrict privileged access to systems using ASP.
Original NVD description (English source)
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

