TOCTOU Vulnerability in ASP Bootloader: Tampering with SPI ROM Records

TOCTOU Vulnerability in ASP Bootloader: Tampering with SPI ROM Records

CVE-2023-20521 · MEDIUM Severity

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.

Learn more about our Physical Security Assessment.