All the vulnerabilites related to AMD - AMD EPYC™ 7002 Processors
cve-2021-46746
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-10-31 13:57
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
Impacted products
Vendor Product Version
AMD AMD EPYC™ 7002 Processors Version: various
AMD AMD EPYC™ 7003 Processors Version: various
AMD AMD EPYC™ 9004 Processors Version: various
AMD AMD Ryzen™ 3000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD AMD Ryzen™ 7000 Series Desktop Processors Version: ComboAM5 1.0.8.0
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: PollockPI-FT5 1.0.0.4
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7045 Series Mobile Processors
AMD AMD EPYC™ Embedded 3000 Series Processors Version: various
AMD AMD EPYC™ Embedded 7002 Series Processors Version: various
AMD AMD EPYC™ Embedded 7003 Series Processors Version: various
AMD AMD EPYC™ Embedded 9003 Series Processors Version: various
AMD AMD Ryzen™ Embedded R1000 Series Processors
AMD AMD Ryzen™ Embedded R2000 Series Processors
AMD AMD Ryzen™ Embedded 5000 Series Processors
AMD AMD Ryzen™ Embedded 7000 Series Processors
AMD AMD Ryzen™ Embedded V1000 Series Processors
AMD AMD Ryzen™ Embedded V2000 Series Processors
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T16:06:22.367564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:57:25.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4 V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "ComboAM5 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.2"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:50:51.023Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46746",
    "datePublished": "2024-08-13T16:50:51.023Z",
    "dateReserved": "2022-03-31T16:50:27.864Z",
    "dateUpdated": "2024-10-31T13:57:25.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20578
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2024-08-15 18:08
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_7001",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.k"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.g"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_9004",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.1.0.a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7003",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_9003",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_7000",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "unaffected",
                "version": "1.0.0.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20578",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T15:56:35.845479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T18:08:38.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "PI",
          "product": "AMD EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "NaplesPI 1.0.0.K",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.G"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "SnowyOwl  PI 1.1.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD RyzenTM Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.8"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:52:58.457Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20578",
    "datePublished": "2024-08-13T16:52:58.457Z",
    "dateReserved": "2022-10-27T18:53:39.757Z",
    "dateUpdated": "2024-08-15T18:08:38.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}