Description
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
Severity (CVSS)
| Base score | 1.8 |
|---|---|
| Severity | Low |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Provided by | CNA |
Weaknesses
- CWE-208 — CWE-208 Observable timing discrepancy
Affected products
| Vendor | Product | Versions |
|---|---|---|
| AMD | AMD Ryzen™ 3000 Series Desktop Processors | ComboAM4 1.0.0.E; ComboAM4v2PI 1.2.0.CA |
| AMD | AMD Ryzen™ 5000 Series Desktop Processors | ComboAM4v2PI 1.2.0.CA |
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors | CastlePeakPI-SP3r3 1.0.0.C |
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors | CastlePeakWSPI-sWRX8 1.0.0.E |
| AMD | AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors | ChagallWSPI-sWRX8 1.0.0.9 |
References
Generated from the official CVE List on 27 Jun 2026 07:02 UTC.