All the vulnerabilites related to AMD - 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT
cve-2021-26371
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-03 20:26
Severity ?
Summary
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:59:16.122Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26371",
    "datePublished": "2023-05-09T18:59:16.122Z",
    "dateReserved": "2021-01-29T21:24:26.152Z",
    "dateUpdated": "2024-08-03T20:26:25.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46794
Vulnerability from cvelistv5
Published
2023-05-09 19:01
Modified
2024-08-04 05:17
Severity ?
Summary
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T19:01:47.728Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46794",
    "datePublished": "2023-05-09T19:01:47.728Z",
    "dateReserved": "2022-05-04T18:14:06.437Z",
    "dateUpdated": "2024-08-04T05:17:42.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26356
Vulnerability from cvelistv5
Published
2023-05-09 18:58
Modified
2024-08-03 20:26
Severity ?
Summary
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:24.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:58:48.108Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26356",
    "datePublished": "2023-05-09T18:58:48.108Z",
    "dateReserved": "2021-01-29T21:24:26.149Z",
    "dateUpdated": "2024-08-03T20:26:24.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46756
Vulnerability from cvelistv5
Published
2023-05-09 19:00
Modified
2024-08-04 05:17
Severity ?
Summary
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity.
Impacted products
Vendor Product Version
AMD Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge” Version: various
AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Version: various
AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Version: Various
AMD 2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” Version: various
AMD 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Version: various
AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Version: various
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Version: various
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Version: various
AMD Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Version: various
AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” Version: various
AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Version: various
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Version: various
AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” Version: various
AMD 1st Gen AMD EPYC™ Processors Version: various
AMD 2nd Gen AMD EPYC™ Processors Version: various
AMD 3rd Gen AMD EPYC™ Processors Version: various
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T19:00:35.599Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46756",
    "datePublished": "2023-05-09T19:00:35.599Z",
    "dateReserved": "2022-03-31T16:50:27.868Z",
    "dateUpdated": "2024-08-04T05:17:42.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20593
Vulnerability from cvelistv5
Published
2023-07-24 19:38
Modified
2024-11-19 16:08
Severity ?
Summary
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008vendor-advisory
http://xenbits.xen.org/xsa/advisory-433.html
http://www.openwall.com/lists/oss-security/2023/07/24/3
http://seclists.org/fulldisclosure/2023/Jul/43
http://www.openwall.com/lists/oss-security/2023/07/25/5
http://www.openwall.com/lists/oss-security/2023/07/25/6
http://www.openwall.com/lists/oss-security/2023/07/25/1
http://www.openwall.com/lists/oss-security/2023/07/25/13
http://www.openwall.com/lists/oss-security/2023/07/25/17
http://www.openwall.com/lists/oss-security/2023/07/25/12
http://www.openwall.com/lists/oss-security/2023/07/25/16
http://www.openwall.com/lists/oss-security/2023/07/25/14
http://www.openwall.com/lists/oss-security/2023/07/25/15
http://www.openwall.com/lists/oss-security/2023/07/26/1
https://cmpxchg8b.com/zenbleed.html
https://www.debian.org/security/2023/dsa-5459
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://www.debian.org/security/2023/dsa-5462
https://www.debian.org/security/2023/dsa-5461
https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html
http://www.openwall.com/lists/oss-security/2023/07/31/2
https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/
http://www.openwall.com/lists/oss-security/2023/08/08/7
http://www.openwall.com/lists/oss-security/2023/08/08/8
http://www.openwall.com/lists/oss-security/2023/08/08/6
http://www.openwall.com/lists/oss-security/2023/08/16/4
http://www.openwall.com/lists/oss-security/2023/08/16/5
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
http://www.openwall.com/lists/oss-security/2023/09/22/9
http://www.openwall.com/lists/oss-security/2023/09/22/11
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/7
https://security.netapp.com/advisory/ntap-20240531-0004/
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-433.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cmpxchg8b.com/zenbleed.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5462"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5461"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20593",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T16:07:50.725588Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-209",
                "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T16:08:15.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics \u201cRenoir\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series processors \u201cMendocino\u201d FT6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "\u00b5code / AGESA\u2122 firmware",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-07-24T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\u003c/span\u003e\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T19:39:41.259Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-433.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
        },
        {
          "url": "https://cmpxchg8b.com/zenbleed.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5459"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5462"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5461"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7008",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20593",
    "datePublished": "2023-07-24T19:38:43.385Z",
    "dateReserved": "2022-10-27T18:53:39.762Z",
    "dateUpdated": "2024-11-19T16:08:15.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26406
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-03 20:26
Severity ?
Summary
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient validation in parsing Owner\u0027s\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient validation in parsing Owner\u0027s\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:59:29.119Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26406",
    "datePublished": "2023-05-09T18:59:29.119Z",
    "dateReserved": "2021-01-29T21:24:26.170Z",
    "dateUpdated": "2024-08-03T20:26:25.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46749
Vulnerability from cvelistv5
Published
2023-05-09 18:59
Modified
2024-08-04 05:17
Severity ?
Summary
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:59:53.819Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46749",
    "datePublished": "2023-05-09T18:59:39.837Z",
    "dateReserved": "2022-03-31T16:50:27.865Z",
    "dateUpdated": "2024-08-04T05:17:42.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46760
Vulnerability from cvelistv5
Published
2023-05-09 19:01
Modified
2024-08-04 05:17
Severity ?
Summary
A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T19:01:05.377Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46760",
    "datePublished": "2023-05-09T19:01:05.377Z",
    "dateReserved": "2022-03-31T16:50:27.869Z",
    "dateUpdated": "2024-08-04T05:17:42.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46755
Vulnerability from cvelistv5
Published
2023-05-09 19:00
Modified
2024-08-04 05:17
Severity ?
Summary
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Failure to unmap certain SysHub mappings in\nerror paths of the ASP (AMD Secure Processor) bootloader may allow an attacker\nwith a malicious bootloader to exhaust the SysHub resources resulting in a\npotential denial of service.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Failure to unmap certain SysHub mappings in\nerror paths of the ASP (AMD Secure Processor) bootloader may allow an attacker\nwith a malicious bootloader to exhaust the SysHub resources resulting in a\npotential denial of service.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T19:00:26.747Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46755",
    "datePublished": "2023-05-09T19:00:26.747Z",
    "dateReserved": "2022-03-31T16:50:27.868Z",
    "dateUpdated": "2024-08-04T05:17:42.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26354
Vulnerability from cvelistv5
Published
2023-05-09 18:58
Modified
2024-08-03 20:26
Severity ?
Summary
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
Impacted products
Vendor Product Version
AMD Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge” Version: various
AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Version: various
AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Version: Various
AMD 2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” Version: various
AMD 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Version: various
AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Version: various
AMD Ryzen™ Threadripper™ PRO Processors “Chagall” WS Version: various
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Version: various
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Version: various
AMD Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Version: various
AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” Version: various
AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Version: various
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Version: various
AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” Version: various
AMD 2nd Gen AMD EPYC™ Processors Version: various
AMD 3rd Gen AMD EPYC™ Processors Version: various
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:58:37.664Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001, AMD-SB-3001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26354",
    "datePublished": "2023-05-09T18:58:37.664Z",
    "dateReserved": "2021-01-29T21:24:26.148Z",
    "dateUpdated": "2024-08-03T20:26:25.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46773
Vulnerability from cvelistv5
Published
2023-05-09 19:01
Modified
2024-08-04 05:17
Severity ?
Summary
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient input validation in ABL may enable\na privileged attacker to corrupt ASP memory, potentially resulting in a loss of\nintegrity or code execution.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Insufficient input validation in ABL may enable\na privileged attacker to corrupt ASP memory, potentially resulting in a loss of\nintegrity or code execution.\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T19:01:27.589Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46773",
    "datePublished": "2023-05-09T19:01:27.589Z",
    "dateReserved": "2022-03-31T16:50:27.873Z",
    "dateUpdated": "2024-08-04T05:17:42.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}