CVE-2023-20572
MediumCVSS 5.6Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
Risk Assessment
The risk involves potential data integrity loss as a privileged attacker could manipulate authenticated messages processed by the ASP.
Recommendation
Apply security patches provided by the vendor (AMD) and monitor systems for unusual activity related to the ASP.
Original NVD description (English source)
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

