CVE-2023-20521

MEDIUM Year: 2023
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Related Vulnerabilities

CVE-2023-20523

MEDIUM
CVSS:5.7(Medium)

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.

CWE-3672023

CVE-2023-4155

MEDIUM
CVSS:5.6(Medium)

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability a...

CWE-3672023

CVE-2018-1121

MEDIUM
CVSS:5.9(Medium)

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use...

CWE-3672018

CVE-2019-18644

MEDIUM
CVSS:5.9(Medium)

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.

CWE-3672019

CVE-2019-20000

MEDIUM
CVSS:5.9(Medium)

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.

CWE-3672019

CVE-2020-3808

MEDIUM
CVSS:5.9(Medium)

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

CWE-3672020