CVE-2020-12954

  • Last update: Apr 13, 2023

Description

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.

Software From Fixed in
amd / epyc_7601_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7551p_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7551_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7501_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7451_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7401_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7351p_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7351_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7301_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7281_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7251_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7f72_firmware - romepi-sp3_1.0.0.c
amd / epyc_7f52_firmware - romepi-sp3_1.0.0.c
amd / epyc_7f32_firmware - romepi-sp3_1.0.0.c
amd / epyc_7742_firmware - romepi-sp3_1.0.0.c
amd / epyc_7702_firmware - romepi-sp3_1.0.0.c
amd / epyc_7702p_firmware - romepi-sp3_1.0.0.c
amd / epyc_7662_firmware - romepi-sp3_1.0.0.c
amd / epyc_7642_firmware - romepi-sp3_1.0.0.c
amd / epyc_7552_firmware - romepi-sp3_1.0.0.c
amd / epyc_7542_firmware - romepi-sp3_1.0.0.c
amd / epyc_7532_firmware - romepi-sp3_1.0.0.c
amd / epyc_7502_firmware - romepi-sp3_1.0.0.c
amd / epyc_7502p_firmware - romepi-sp3_1.0.0.c
amd / epyc_7452_firmware - romepi-sp3_1.0.0.c
amd / epyc_7402_firmware - romepi-sp3_1.0.0.c
amd / epyc_7402p_firmware - romepi-sp3_1.0.0.c
amd / epyc_7352_firmware - romepi-sp3_1.0.0.c
amd / epyc_7302_firmware - romepi-sp3_1.0.0.c
amd / epyc_7302p_firmware - romepi-sp3_1.0.0.c
amd / epyc_7282_firmware - romepi-sp3_1.0.0.c
amd / epyc_7272_firmware - romepi-sp3_1.0.0.c
amd / epyc_7262_firmware - romepi-sp3_1.0.0.c
amd / epyc_7252_firmware - romepi-sp3_1.0.0.c
amd / epyc_7232p_firmware - romepi-sp3_1.0.0.c
amd / epyc_7763_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7713p_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7713_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7663_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7643_firmware - milanpi-sp3_1.0.0.4
amd / epyc_75f3_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7543p_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7543_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7513_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7453_firmware - milanpi-sp3_1.0.0.4
amd / epyc_74f3_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7443p_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7443_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7413_firmware - milanpi-sp3_1.0.0.4
amd / epyc_73f3_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7343_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7313p_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7313_firmware - milanpi-sp3_1.0.0.4
amd / epyc_72f3_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7003_firmware - milanpi-sp3_1.0.0.4
amd / epyc_7002_firmware - romepi-sp3_1.0.0.c
amd / epyc_7001_firmware - naplespi-sp3_1.0.0.g
amd / epyc_7401p_firmware - naplespi-sp3_1.0.0.g

Details

    • Severity: Medium
  • CVE: CVE-2020-12954
  • Published: Nov 16, 2021
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v3

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:N/I:P/A:N