Timing Attack on AMD ASP HMAC
CVE-2023-20572 Published on June 26, 2026

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

NVD

Weakness Type

Observable Timing Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.

Products Associated with CVE-2023-20572

Want to know whenever a new CVE is published for Google Chrome? stack.watch will email you.

Google Chrome

Affected Versions

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics:

Version Picasso-FP5 1.0.1.1 is unaffected.

AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics:

Version Pollock-FT5 1.0.0.7 is unaffected.

AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics:

Version Cezanne-FP6 1.0.1.0 is unaffected.

AMD Ryzen™ 7030 Series Mobile processors with Radeon™ Graphics:

Version Cezanne-FP6 1.0.1.0 is unaffected.

AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics:

Version Renoir-FP6 1.0.0.D is unaffected.

AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics:

Version Rembrandt-FP7 1.0.0.A is unaffected.

AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics:

Version MendocinoPI-FT6 1.0.0.6 is unaffected.

AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics:

Version ComboAM4v2PI 1.2.0.CA is unaffected.

AMD Ryzen™ 5000 Series Desktop Processors:

Version ComboAM4v2PI 1.2.0.CA is unaffected.

AMD Ryzen™ 3000 Series Desktop Processors:

Version ComboAM4v2PI 1.2.0.CA is unaffected.
Version ComboAM4PI 1.0.0.F is unaffected.

AMD Ryzen™ 4000 Series Desktop Processors:

Version ComboAM4v2PI 1.2.0.CA is unaffected.

AMD Ryzen™ 5000 Series Desktop Processors:

Version ComboAM4v2PI 1.2.0.CA is unaffected.

AMD Ryzen™ 8000 Series Desktop Processors:

Version ComboAM5 1.0.0.7a is unaffected.

AMD Ryzen™ 7000 Series Desktop Processors:

Version ComboAM5 1.0.0.7a is unaffected.

AMD Ryzen™ Threadripper™ 3000 Series Processors:

Version CastlePeakPI-SP3r3 1.0.0.C is unaffected.

AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors:

Version CastlePeakWSPI-sWRX8 1.0.0.E is unaffected.

AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors:

Version ChagallWSPI-sWRX8 1.0.0.9 is unaffected.

AMD Ryzen™ Threadripper™ 7000 Processors:

Version StormPeakPI-SP6 1.1.0.0c is unaffected.

AMD Ryzen™ Threadripper™ PRO 7000WX-Series Processors:

Version StormPeakPI-SP6 1.0.0.1e is unaffected.

Timing Attack on AMD ASP HMACCVE-2023-20572 Published on June 26, 2026

Weakness Type

Observable Timing Discrepancy

Products Associated with CVE-2023-20572

Affected Versions

Timing Attack on AMD ASP HMAC
CVE-2023-20572 Published on June 26, 2026