CVE-2023-20526: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2023-20526 is a security vulnerability discovered in AMD's ASP Bootloader that was disclosed on November 14, 2023. The vulnerability affects various AMD EPYC processors including the 7001, 7002, and 7003 series, as well as certain Ryzen Threadripper processors. This security issue stems from insufficient input validation in the ASP Bootloader (NVD).

The vulnerability is characterized by insufficient input validation in the ASP Bootloader, which could potentially expose the contents of ASP memory. The severity of this vulnerability has been assessed with different CVSS scores: NIST assigned a CVSS v3.1 base score of 4.6 (MEDIUM) with vector AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while AMD assessed it with a lower CVSS score of 1.9 (LOW) with vector AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N (NVD).

The vulnerability could lead to a loss of confidentiality by exposing the contents of ASP memory. The impact is limited by the requirement of physical access to the affected systems (NVD).

AMD has released firmware updates to address this vulnerability. For EPYC 7001 series processors, the fix is included in NaplesPI 1.0.0.H, for EPYC 7002 series in RomePI 1.0.0.D, and for EPYC 7003 series in MilanPI 1.0.0.5. Ryzen Threadripper processors receive the fix in SummitPI-SP3r2 1.1.0.7 (NVD).