All the vulnerabilites related to AMD - AMD Radeon RX 5000 Series & PRO W5000 Series
cve-2020-12930
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-17 00:00
Severity ?
EPSS score ?
Summary
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded R1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded R2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded 5000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded V1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded V2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-11-08T05:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e" } ], "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." } ], "providerMetadata": { "dateUpdated": "2024-02-13T19:20:09.393Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "source": { "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12930", "datePublished": "2022-11-09T20:44:25.791003Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T00:00:30.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26392
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 20:51
Severity ?
EPSS score ?
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded R1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded R2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded 5000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded V1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122Embedded V3000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-11-08T05:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e" } ], "value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA." } ], "providerMetadata": { "dateUpdated": "2024-02-13T19:22:08.137Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "source": { "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26392", "datePublished": "2022-11-09T20:44:26.258839Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T20:51:46.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12931
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:11:18.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded R1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded R2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded 5000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen(TM) Embedded V1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-11-08T05:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e" } ], "value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity." } ], "providerMetadata": { "dateUpdated": "2024-02-13T19:20:36.423Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "source": { "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2020-12931", "datePublished": "2022-11-09T20:44:24.974055Z", "dateReserved": "2020-05-15T00:00:00", "dateUpdated": "2024-09-17T00:56:08.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26391
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] } ], "datePublic": "2022-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel." } ], "problemTypes": [ { "descriptions": [ { "description": "TBD", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-09T00:00:00", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" } ], "source": { "advisory": "AMD-SB-1029", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26391", "datePublished": "2022-11-09T20:44:25.253369Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T17:33:16.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26393
Vulnerability from cvelistv5
Published
2022-11-09 20:44
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Version: AMD Radeon Software < 22.5.2 Version: AMD Radeon Pro Software Enterprise < 22.Q2 Version: Enterprise Driver < 22.10.20 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.406Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series", "vendor": "AMD", "versions": [ { "lessThan": "22.5.2", "status": "affected", "version": "AMD Radeon Software", "versionType": "custom" }, { "lessThan": "22.Q2", "status": "affected", "version": "AMD Radeon Pro Software Enterprise", "versionType": "custom" }, { "lessThan": "22.10.20", "status": "affected", "version": "Enterprise Driver", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded R1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded R2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded V1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2022-11-08T05:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e" } ], "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality." } ], "providerMetadata": { "dateUpdated": "2024-02-13T19:22:50.269Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029" }, { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001" } ], "source": { "advisory": "AMD-SB-1029, AMD-SB-5001", "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26393", "datePublished": "2022-11-09T20:44:25.517806Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-16T21:58:26.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }