Description

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

Severity (CVSS)

Base score1.8
SeverityLow
VersionCVSS 4.0
VectorCVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Provided byCNA

Weaknesses

  • CWE-208 — CWE-208 Observable timing discrepancy

Affected products

VendorProductVersions
AMDAMD Ryzen™ 3000 Series Desktop ProcessorsComboAM4 1.0.0.E; ComboAM4v2PI 1.2.0.CA
AMDAMD Ryzen™ 5000 Series Desktop ProcessorsComboAM4v2PI 1.2.0.CA
AMDAMD Ryzen™ Threadripper™ 3000 Series ProcessorsCastlePeakPI-SP3r3 1.0.0.C
AMDAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsCastlePeakWSPI-sWRX8 1.0.0.E
AMDAMD Ryzen™ Threadripper™ PRO 5000 WX-Series ProcessorsChagallWSPI-sWRX8 1.0.0.9

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 27 Jun 2026 07:02 UTC.