All the vulnerabilites related to AMD - 1st Gen AMD EPYC™
cve-2021-26331
Vulnerability from cvelistv5
Published
2021-11-16 18:09
Modified
2024-09-16 21:03
Severity ?
EPSS score ?
Summary
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T18:09:35", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26331", "datePublished": "2021-11-16T18:09:35.653452Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T21:03:02.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26329
Vulnerability from cvelistv5
Published
2021-11-16 17:57
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T17:57:01", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-130 Improper Handling of Length Parameter Inconsistency" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26329", "datePublished": "2021-11-16T17:57:01.031900Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T22:24:45.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26330
Vulnerability from cvelistv5
Published
2021-11-16 18:19
Modified
2024-09-16 18:12
Severity ?
EPSS score ?
Summary
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:23.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T18:19:29", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26330", "datePublished": "2021-11-16T18:19:29.476922Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T18:12:54.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20520
Vulnerability from cvelistv5
Published
2023-05-09 18:36
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
Improper access control settings in ASP
Bootloader may allow an attacker to corrupt the return address causing a
stack-based buffer overrun potentially leading to arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: various |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "1st Gen AMD EPYC\u2122 ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "2nd Gen AMD EPYC\u2122 ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "AGESA", "platforms": [ "x86" ], "product": "3rd Gen AMD EPYC\u2122 ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] } ], "datePublic": "2023-05-09T16:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n" } ], "value": "Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2023-05-09T18:53:42.276Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001" } ], "source": { "advisory": "AMD-SB-3001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20520", "datePublished": "2023-05-09T18:36:29.141Z", "dateReserved": "2022-10-27T18:53:39.737Z", "dateUpdated": "2024-08-02T09:05:36.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26320
Vulnerability from cvelistv5
Published
2021-11-16 18:05
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T18:05:10", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26320", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-295 Improper Certificate Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26320", "datePublished": "2021-11-16T18:05:10.770439Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T18:34:19.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26408
Vulnerability from cvelistv5
Published
2022-05-10 18:22
Modified
2024-09-16 21:04
Severity ?
EPSS score ?
Summary
Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest\u0027s integrity or confidentiality." } ], "problemTypes": [ { "descriptions": [ { "description": "tbd", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T18:22:50", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-06T20:00:00.000Z", "ID": "CVE-2021-26408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest\u0027s integrity or confidentiality." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "tbd" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26408", "datePublished": "2022-05-10T18:22:50.329992Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T21:04:07.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12954
Vulnerability from cvelistv5
Published
2021-11-16 18:11
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T18:11:02", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2020-12954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-693 Protection Mechanism Failure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12954", "datePublished": "2021-11-16T18:11:02.785753Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-16T18:48:26.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26321
Vulnerability from cvelistv5
Published
2021-11-16 18:07
Modified
2024-09-16 18:56
Severity ?
EPSS score ?
Summary
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T18:07:26", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26321", "datePublished": "2021-11-16T18:07:26.527350Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T18:56:13.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26322
Vulnerability from cvelistv5
Published
2021-11-16 17:58
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | 1st Gen AMD EPYC™ |
Version: unspecified < NaplesPI-SP3_1.0.0.G |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "1st Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "NaplesPI-SP3_1.0.0.G", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "2nd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "RomePI-SP3_1.0.0.C", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "3rd Gen AMD EPYC\u2122", "vendor": "AMD", "versions": [ { "lessThan": "MilanPI-SP3_1.0.0.4", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2021-11-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Persistent platform private key may not be protected with a random IV leading to a potential \u201ctwo time pad attack\u201d." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-320", "description": "CWE-320 Key Management Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-16T17:58:40", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ], "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2021-11-09T20:00:00.000Z", "ID": "CVE-2021-26322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "1st Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "NaplesPI-SP3_1.0.0.G" } ] } }, { "product_name": "2nd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "RomePI-SP3_1.0.0.C" } ] } }, { "product_name": "3rd Gen AMD EPYC\u2122", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "MilanPI-SP3_1.0.0.4" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Persistent platform private key may not be protected with a random IV leading to a potential \u201ctwo time pad attack\u201d." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-320 Key Management Errors" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021" } ] }, "source": { "advisory": "AMD-SB-1021", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26322", "datePublished": "2021-11-16T17:58:40.230958Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T00:56:29.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }