CVE-2023-20570 : Insufficient verification of data authenticity in the configuration state machin

Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.

Published 2024-02-13 18:15:47

Updated 2025-03-22 15:15:36

Source Advanced Micro Devices Inc.

View at NVD, CVE.org

Products affected by CVE-2023-20570

AMD » Alveo U50 Firmware » Version: N/A
cpe:2.3:o:amd:alveo_u50_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Alveo U50 » Version: N/A
AMD » Alveo U200 Firmware » Version: N/A
cpe:2.3:o:amd:alveo_u200_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Alveo U200 » Version: N/A
AMD » Alveo U250 Firmware » Version: N/A
cpe:2.3:o:amd:alveo_u250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Alveo U250 » Version: N/A
AMD » Alveo U280 Firmware » Version: N/A
cpe:2.3:o:amd:alveo_u280_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Alveo U280 » Version: N/A
AMD » Kintex Ultrascale+ Ku3p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku3p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku3p » Version: N/A
AMD » Kintex Ultrascale+ Ku5p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku5p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku5p » Version: N/A
AMD » Kintex Ultrascale+ Ku9p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku9p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku9p » Version: N/A
AMD » Kintex Ultrascale+ Ku11p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku11p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku11p » Version: N/A
AMD » Kintex Ultrascale+ Ku13p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku13p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku13p » Version: N/A
AMD » Kintex Ultrascale+ Ku15p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku15p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku15p » Version: N/A
AMD » Kintex Ultrascale+ Ku19p Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale\+_ku19p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale+ Ku19p » Version: N/A
AMD » Kintex Ultrascale Ku025 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku025_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku025 » Version: N/A
AMD » Kintex Ultrascale Ku035 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku035_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku035 » Version: N/A
AMD » Kintex Ultrascale Ku040 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku040_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku040 » Version: N/A
AMD » Kintex Ultrascale Ku060 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku060_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku060 » Version: N/A
AMD » Kintex Ultrascale Ku085 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku085_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku085 » Version: N/A
AMD » Kintex Ultrascale Ku095 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku095_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku095 » Version: N/A
AMD » Kintex Ultrascale Ku115 Firmware » Version: N/A
cpe:2.3:o:amd:kintex_ultrascale_ku115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Kintex Ultrascale Ku115 » Version: N/A
AMD » Virtex Ultrascale Xcvu065 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu065_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu065 » Version: N/A
AMD » Virtex Ultrascale Xcvu080 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu080_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu080 » Version: N/A
AMD » Virtex Ultrascale Xcvu095 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu095_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu095 » Version: N/A
AMD » Virtex Ultrascale Xcvu125 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu125 » Version: N/A
AMD » Virtex Ultrascale Xcvu160 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu160_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu160 » Version: N/A
AMD » Virtex Ultrascale Xcvu190 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu190_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu190 » Version: N/A
AMD » Virtex Ultrascale Xcvu440 Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale_xcvu440_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale Xcvu440 » Version: N/A
AMD » Virtex Ultrascale+ Vu3p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu3p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu3p » Version: N/A
AMD » Virtex Ultrascale+ Vu5p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu5p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu5p » Version: N/A
AMD » Virtex Ultrascale+ Vu7p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu7p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu7p » Version: N/A
AMD » Virtex Ultrascale+ Vu9p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu9p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu9p » Version: N/A
AMD » Virtex Ultrascale+ Vu11p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu11p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu11p » Version: N/A
AMD » Virtex Ultrascale+ Vu13p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu13p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu13p » Version: N/A
AMD » Virtex Ultrascale+ Vu19p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu19p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu19p » Version: N/A
AMD » Virtex Ultrascale+ Vu23p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu23p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu23p » Version: N/A
AMD » Virtex Ultrascale+ Vu27p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu27p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu27p » Version: N/A
AMD » Virtex Ultrascale+ Vu29p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu29p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu29p » Version: N/A
AMD » Virtex Ultrascale+ Vu31p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu31p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu31p » Version: N/A
AMD » Virtex Ultrascale+ Vu33p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu33p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu33p » Version: N/A
AMD » Virtex Ultrascale+ Vu35p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu35p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu35p » Version: N/A
AMD » Virtex Ultrascale+ Vu37p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu37p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu37p » Version: N/A
AMD » Virtex Ultrascale+ Vu45p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu45p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu45p » Version: N/A
AMD » Virtex Ultrascale+ Vu47p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu47p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu47p » Version: N/A
AMD » Virtex Ultrascale+ Vu57p Firmware » Version: N/A
cpe:2.3:o:amd:virtex_ultrascale\+_vu57p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Virtex Ultrascale+ Vu57p » Version: N/A
AMD » Artix Ultrascale+ Au7p Firmware » Version: N/A
cpe:2.3:o:amd:artix_ultrascale\+_au7p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Artix Ultrascale+ Au7p » Version: N/A
AMD » Artix Ultrascale+ Au10p Firmware » Version: N/A
cpe:2.3:o:amd:artix_ultrascale\+_au10p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Artix Ultrascale+ Au10p » Version: N/A
AMD » Artix Ultrascale+ Au15p Firmware » Version: N/A
cpe:2.3:o:amd:artix_ultrascale\+_au15p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Artix Ultrascale+ Au15p » Version: N/A
AMD » Artix Ultrascale+ Au20p Firmware » Version: N/A
cpe:2.3:o:amd:artix_ultrascale\+_au20p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Artix Ultrascale+ Au20p » Version: N/A
AMD » Artix Ultrascale+ Au25p Firmware » Version: N/A
cpe:2.3:o:amd:artix_ultrascale\+_au25p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: AMD » Artix Ultrascale+ Au25p » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-20570

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-20570

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	1.8	1.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-22
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	1.8	1.4	NIST	2024-10-17
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2023-20570

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2023-20570

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8002.html

AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-20570

Products affected by CVE-2023-20570

Exploit prediction scoring system (EPSS) score for CVE-2023-20570

CVSS scores for CVE-2023-20570

CWE ids for CVE-2023-20570

References for CVE-2023-20570