CVE-2023-20570
LOWDescription
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| amd | alveo_u50_firmware |
| amd | alveo_u50 |
| amd | alveo_u200_firmware |
| amd | alveo_u200 |
| amd | alveo_u250_firmware |
| amd | alveo_u250 |
| amd | alveo_u280_firmware |
| amd | alveo_u280 |
| amd | kintex_ultrascale\+_ku3p_firmware |
| amd | kintex_ultrascale\+_ku3p |
| amd | kintex_ultrascale\+_ku5p_firmware |
| amd | kintex_ultrascale\+_ku5p |
| amd | kintex_ultrascale\+_ku9p_firmware |
| amd | kintex_ultrascale\+_ku9p |
| amd | kintex_ultrascale\+_ku11p_firmware |
| amd | kintex_ultrascale\+_ku11p |
| amd | kintex_ultrascale\+_ku13p_firmware |
| amd | kintex_ultrascale\+_ku13p |
| amd | kintex_ultrascale\+_ku15p_firmware |
| amd | kintex_ultrascale\+_ku15p |
| amd | kintex_ultrascale\+_ku19p_firmware |
| amd | kintex_ultrascale\+_ku19p |
| amd | kintex_ultrascale_ku025_firmware |
| amd | kintex_ultrascale_ku025 |
| amd | kintex_ultrascale_ku035_firmware |
| amd | kintex_ultrascale_ku035 |
| amd | kintex_ultrascale_ku040_firmware |
| amd | kintex_ultrascale_ku040 |
| amd | kintex_ultrascale_ku060_firmware |
| amd | kintex_ultrascale_ku060 |
| amd | kintex_ultrascale_ku085_firmware |
| amd | kintex_ultrascale_ku085 |
| amd | kintex_ultrascale_ku095_firmware |
| amd | kintex_ultrascale_ku095 |
| amd | kintex_ultrascale_ku115_firmware |
| amd | kintex_ultrascale_ku115 |
| amd | virtex_ultrascale_xcvu065_firmware |
| amd | virtex_ultrascale_xcvu065 |
| amd | virtex_ultrascale_xcvu080_firmware |
| amd | virtex_ultrascale_xcvu080 |
| amd | virtex_ultrascale_xcvu095_firmware |
| amd | virtex_ultrascale_xcvu095 |
| amd | virtex_ultrascale_xcvu125_firmware |
| amd | virtex_ultrascale_xcvu125 |
| amd | virtex_ultrascale_xcvu160_firmware |
| amd | virtex_ultrascale_xcvu160 |
| amd | virtex_ultrascale_xcvu190_firmware |
| amd | virtex_ultrascale_xcvu190 |
| amd | virtex_ultrascale_xcvu440_firmware |
| amd | virtex_ultrascale_xcvu440 |
| amd | virtex_ultrascale\+_vu3p_firmware |
| amd | virtex_ultrascale\+_vu3p |
| amd | virtex_ultrascale\+_vu5p_firmware |
| amd | virtex_ultrascale\+_vu5p |
| amd | virtex_ultrascale\+_vu7p_firmware |
| amd | virtex_ultrascale\+_vu7p |
| amd | virtex_ultrascale\+_vu9p_firmware |
| amd | virtex_ultrascale\+_vu9p |
| amd | virtex_ultrascale\+_vu11p_firmware |
| amd | virtex_ultrascale\+_vu11p |
| amd | virtex_ultrascale\+_vu13p_firmware |
| amd | virtex_ultrascale\+_vu13p |
| amd | virtex_ultrascale\+_vu19p_firmware |
| amd | virtex_ultrascale\+_vu19p |
| amd | virtex_ultrascale\+_vu23p_firmware |
| amd | virtex_ultrascale\+_vu23p |
| amd | virtex_ultrascale\+_vu27p_firmware |
| amd | virtex_ultrascale\+_vu27p |
| amd | virtex_ultrascale\+_vu29p_firmware |
| amd | virtex_ultrascale\+_vu29p |
| amd | virtex_ultrascale\+_vu31p_firmware |
| amd | virtex_ultrascale\+_vu31p |
| amd | virtex_ultrascale\+_vu33p_firmware |
| amd | virtex_ultrascale\+_vu33p |
| amd | virtex_ultrascale\+_vu35p_firmware |
| amd | virtex_ultrascale\+_vu35p |
| amd | virtex_ultrascale\+_vu37p_firmware |
| amd | virtex_ultrascale\+_vu37p |
| amd | virtex_ultrascale\+_vu45p_firmware |
| amd | virtex_ultrascale\+_vu45p |
| amd | virtex_ultrascale\+_vu47p_firmware |
| amd | virtex_ultrascale\+_vu47p |
| amd | virtex_ultrascale\+_vu57p_firmware |
| amd | virtex_ultrascale\+_vu57p |
| amd | artix_ultrascale\+_au7p_firmware |
| amd | artix_ultrascale\+_au7p |
| amd | artix_ultrascale\+_au10p_firmware |
| amd | artix_ultrascale\+_au10p |
| amd | artix_ultrascale\+_au15p_firmware |
| amd | artix_ultrascale\+_au15p |
| amd | artix_ultrascale\+_au20p_firmware |
| amd | artix_ultrascale\+_au20p |
| amd | artix_ultrascale\+_au25p_firmware |
| amd | artix_ultrascale\+_au25p |
References
Frequently Asked Questions
What is CVE-2023-20570? +
How severe is CVE-2023-20570? +
What products are affected by CVE-2023-20570? +
How do I check if I'm vulnerable to CVE-2023-20570? +
Related Vulnerabilities
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed …
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, …
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated …
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege …
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior …
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in …