All the vulnerabilites related to AMD - AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
cve-2024-21981
Vulnerability from cvelistv5
Published
2024-08-13 16:54
Modified
2024-08-15 18:09
Summary
Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
Impacted products
Vendor Product Version
AMD AMD EPYC™ 7002 Series Processors Version: various
AMD AMD EPYC™ 7003 Series Processors Version: various
AMD AMD Ryzen™ 3000 Series Desktop Processors Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processors Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Version: various
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Version: various
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Version: various
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Version: various
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Version: various
AMD AMD EPYC™ Embedded 3000 Series Processors Version: various
AMD AMD EPYC™ Embedded 7002 Series Processors Version: various
AMD AMD EPYC™ Embedded 7003 Series Processors Version: various
AMD AMD Ryzen™ Embedded R1000 Series Processors Version: various
AMD AMD Ryzen™ Embedded R2000 Series Processors Version: various
AMD AMD Ryzen™ Embedded 5000 Series Processors Version: various
AMD AMD Ryzen™ Embedded V1000 Series Processors Version: various
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:athlon:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "athlon",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:epyc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T17:56:59.454756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-639",
                "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T18:09:24.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "PI",
          "product": "AMD EPYC\u2122 7001 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ewho has gained arbitrary code\nexecution privilege in ASP\u0026nbsp;\u003c/a\u003eto\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity.\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Improper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access who has gained arbitrary code\nexecution privilege in ASP\u00a0to\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:54:58.122Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-21981",
    "datePublished": "2024-08-13T16:54:58.122Z",
    "dateReserved": "2024-01-03T16:43:30.197Z",
    "dateUpdated": "2024-08-15T18:09:24.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20579
Vulnerability from cvelistv5
Published
2024-02-13 19:32
Modified
2024-08-02 09:05
Severity ?
Summary
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20579",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T15:53:23.792810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:20:09.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:32:11.904Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7009",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20579",
    "datePublished": "2024-02-13T19:32:11.904Z",
    "dateReserved": "2022-10-27T18:53:39.757Z",
    "dateUpdated": "2024-08-02T09:05:36.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26344
Vulnerability from cvelistv5
Published
2024-08-13 16:49
Modified
2024-08-13 18:33
Summary
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
Impacted products
Vendor Product Version
AMD AMD EPYC™ 7002 Series Processors
AMD AMD EPYC™ 7003 Series Processors
AMD AMD Ryzen™ 3000 Series Desktop Processors Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Version: various
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD EPYC™ Embedded 7002 Series Processors
AMD AMD EPYC™ Embedded 3000 Series Processors Version: Various
AMD AMD EPYC™ Embedded 7003 Series Processors
AMD AMD Ryzen™ Embedded R1000 Series Processors Version: v
AMD AMD Ryzen™ Embedded R2000 Series Processors Version: v
AMD AMD Ryzen™ Embedded 5000 Series Processors Version: v
AMD AMD Ryzen™ Embedded V1000 Series Processors Version: v
AMD AMD Ryzen™ Embedded V2000 Series Processors Version: v
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "naplespi",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "1.0.0.k",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "romepi",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "1.0.0.C",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "milanpi",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "1.0.0.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26344",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T18:29:11.333464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T18:33:40.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3  1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "v"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "v"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "v"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "v"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "v"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.4"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:49:52.889Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26344",
    "datePublished": "2024-08-13T16:49:52.889Z",
    "dateReserved": "2021-01-29T21:24:26.145Z",
    "dateUpdated": "2024-08-13T18:33:40.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26367
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-12-04 16:25
Summary
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26367",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T18:04:31.680686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T16:25:09.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
            }
          ],
          "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:50:05.825Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26367",
    "datePublished": "2024-08-13T16:50:05.825Z",
    "dateReserved": "2021-01-29T21:24:26.151Z",
    "dateUpdated": "2024-12-04T16:25:09.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46772
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-11-05 21:18
Summary
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.
Impacted products
Vendor Product Version
AMD AMD EPYC™ 7003 Series Processors
AMD AMD Ryzen™ 3000 Series Desktop Processors Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Version: ComboAM4V2 1.2.0.A
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Version: various
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD EPYC™ Embedded 7002 Series Processors
AMD AMD EPYC™ Embedded 7003 Series Processors
AMD AMD Ryzen™ Embedded R1000 Series Processors Version: various
AMD AMD Ryzen™ Embedded R2000 Series Processors Version: various
AMD AMD Ryzen™ Embedded 5000 Series Processors Version: various
AMD AMD Ryzen™ Embedded V1000 Series Processors Version: various
AMD AMD Ryzen™ Embedded V2000 Series Processors Version: various
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T14:19:27.997821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T21:18:50.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RomePI 1.0.0.E",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3  1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3  1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.4"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:50:54.016Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46772",
    "datePublished": "2024-08-13T16:50:54.016Z",
    "dateReserved": "2022-03-31T16:50:27.872Z",
    "dateUpdated": "2024-11-05T21:18:50.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-31315
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
Impacted products
Vendor Product Version
AMD 1st Gen AMD EPYC™ Processors Version: various
AMD 2nd Gen AMD EPYC™ Processors Version: various
AMD 4th Gen AMD EPYC™ Processors
AMD AMD EPYC™ Embedded 3000 Version: various
AMD AMD EPYC™ Embedded 7002 Version: various
AMD AMD EPYC™ Embedded 7003 Version: various
AMD AMD EPYC™ Embedded 9003
AMD AMD Ryzen™ Embedded R1000 Version: various
AMD AMD Ryzen™ Embedded R2000 Version: various
AMD AMD Ryzen™ Embedded 5000 Version: various
AMD AMD Ryzen™ Embedded 7000 Version: various
AMD AMD Ryzen™ Embedded V1000 Version: various
AMD AMD Ryzen™ Embedded V2000 Version: various
AMD AMD Ryzen™ Embedded V3000 Version: various
AMD AMD Ryzen™ 3000 Series Desktop Processors Version: various
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics
AMD AMD Ryzen™ 7000 Series Desktop Processors Version: various
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Version: various
AMD AMD Ryzen™ Threadripper™ PRO Processors Version: various
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7045 Series Mobile Processors
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Version: various
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-12T12:56:32.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
          },
          {
            "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
          },
          {
            "url": "https://news.ycombinator.com/item?id=41475975"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "1st_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "naples.pi.1.0.0.m",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "3rd_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "milan.pi.1.0.0.d",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "2nd_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rome.pi.1.0.0.j",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_amd_epyc_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "genoa_pi_1.0.0.c",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7002",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_7003",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "epyc_embedded_9003",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "emgenoa.pi.1.0.0.7",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_r2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_7000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_5000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v1000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v3000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_embedded_v2000",
            "vendor": "amd",
            "versions": [
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "various"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7000_desktop_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5pi.1.2.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2pi.1.2.0.cb",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_3000_series_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                "status": "affected",
                "version": "0",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              },
              {
                "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_threadripper_pro_3000wx_series_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picasso-fp5.1.0.1.2",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              },
              {
                "lessThan": "pollockpi-ft5.1.0.0.8",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picasso-fp5.1.0.1.2",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "renoirpi-fp6.1.0.0.e",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6.1.0.1.1",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7045_series_mobile_processors",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "dragonrangefl1.1.0.0.3e",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_6000_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "remembrandtpi-fp7.1.0.0.b",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7020_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "mendocinopi-ft6.1.0.0.7",
                "status": "affected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_7035_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "remembrandtpi-fp7.1.0.0.b",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ryzen_8000_series_processors_with_radeongraphics",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5pi.1.2.0.1",
                "status": "unaffected",
                "version": "various",
                "versionType": "python"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31315",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T17:29:59.373286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T14:54:02.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "PI",
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Milan PI 1.0.0.D",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Naples PI 1.0.0.M",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Rome PI 1.0.0.J",
              "status": "affected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "4th Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Genoa PI 1.0.0.C",
              "status": "unaffected",
              "version": "various",
              "versionType": "Platform Initialization"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "EmbGenoaPI 1.0.0.7",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM5PI 1.2.0.1",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM4v2PI 1.2.0.cb",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            },
            {
              "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Picasso-FP5 1.0.1.2",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            },
            {
              "lessThan": "PollockPI-FT5 1.0.0.8",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "Picasso-FP5 1.0.1.2",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RenoirPI-FP6 1.0.0.E",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CezannePI-FP6 1.0.1.1",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "CezannePI-FP6",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "DragonRangeFL1 1.0.0.3e",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RembrandtPI-FP7 1.0.0.B",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "MendocinoPI-FT6 1.0.0.7",
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RembrandtPI-FP7 1.0.0.B",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "ComboAM5PI 1.2.0.1",
              "status": "unaffected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        }
      ],
      "datePublic": "2024-08-09T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
            }
          ],
          "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:37:24.501Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-31315",
    "datePublished": "2024-08-09T17:08:24.237Z",
    "dateReserved": "2023-04-27T15:25:41.423Z",
    "dateUpdated": "2024-09-12T12:56:32.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-46746
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-10-31 13:57
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
Impacted products
Vendor Product Version
AMD AMD EPYC™ 7002 Processors Version: various
AMD AMD EPYC™ 7003 Processors Version: various
AMD AMD EPYC™ 9004 Processors Version: various
AMD AMD Ryzen™ 3000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD AMD Ryzen™ 7000 Series Desktop Processors Version: ComboAM5 1.0.8.0
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Version: PollockPI-FT5 1.0.0.4
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7045 Series Mobile Processors
AMD AMD EPYC™ Embedded 3000 Series Processors Version: various
AMD AMD EPYC™ Embedded 7002 Series Processors Version: various
AMD AMD EPYC™ Embedded 7003 Series Processors Version: various
AMD AMD EPYC™ Embedded 9003 Series Processors Version: various
AMD AMD Ryzen™ Embedded R1000 Series Processors
AMD AMD Ryzen™ Embedded R2000 Series Processors
AMD AMD Ryzen™ Embedded 5000 Series Processors
AMD AMD Ryzen™ Embedded 7000 Series Processors
AMD AMD Ryzen™ Embedded V1000 Series Processors
AMD AMD Ryzen™ Embedded V2000 Series Processors
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46746",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T16:06:22.367564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:57:25.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4 V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "ComboAM5 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.2"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:50:51.023Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-46746",
    "datePublished": "2024-08-13T16:50:51.023Z",
    "dateReserved": "2022-03-31T16:50:27.864Z",
    "dateUpdated": "2024-10-31T13:57:25.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23817
Vulnerability from cvelistv5
Published
2024-08-13 16:51
Modified
2024-08-16 20:27
Summary
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.
Impacted products
Vendor Product Version
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD AMD Ryzen™ 7000 Series Desktop Processors
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7045 Series Mobile Processors
AMD AMD Ryzen™ Embedded R1000 Series Processors
AMD AMD Ryzen™ Embedded R2000 Series Processors
AMD AMD Ryzen™ Embedded 5000 Series Processors
AMD AMD Ryzen™ Embedded 7000 Series Processors
AMD AMD Ryzen™ Embedded V1000 Series Processors
AMD AMD Ryzen™ Embedded V2000 Series Processors
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_3300x_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2_1.2.0.a",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_3300u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picassopi-fp5_1.0.0.e",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_pro_3200g_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2_pi_1.2.0.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_5_7500f_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam5_1.0.8.0",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_threadripper_pro_3995wx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakpi-sp3r3_1.0.0.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_threadripper_pro_3995wx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "castlepeakwspi-swrx8_1.0.0.a",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_threadripper_pro_5995wx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "chagallwspi-swrx8_1.0.0.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_4300u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "renoirpi-fp6_1.0.0.a",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_5_6600u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rembrandtpi-fp7_1.0.0.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_7335u_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "rembrandtpi-fp7_1.0.0.5",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_7_7745hx_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "dragonrangefl1pi_1.0.0.3b",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_5_5600x_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "comboam4v2_pi_1.2.0.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_5300g_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6_1.0.0.c",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "ryzen_3_5425c_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "cezannepi-fp6_1.0.0.c",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "athlon_pro_300ge_firmware",
            "vendor": "amd",
            "versions": [
              {
                "lessThan": "picassopi-fp5_1.0.0.e",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T17:51:43.434721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T20:27:19.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V1  1.0.0.A/ComboAM4V2  1.2.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5  1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI  1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.5"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8  1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6  1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "DragonRangeFL1PI 1.0.0.3b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation."
            }
          ],
          "value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:51:45.468Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2022-23817",
    "datePublished": "2024-08-13T16:51:45.468Z",
    "dateReserved": "2022-01-21T17:14:12.302Z",
    "dateUpdated": "2024-08-16T20:27:19.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20518
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2024-11-05 17:10
Summary
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
Impacted products
Vendor Product Version
AMD AMD Ryzen™ 3000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD AMD Ryzen™ 7000 Series Desktop Processors
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ Embedded R1000 Series Processors
AMD AMD Ryzen™ Embedded R2000 Series Processors
AMD AMD Ryzen™ Embedded 5000 Series Processors
AMD AMD Ryzen™ Embedded 7000 Series Processors
AMD AMD Ryzen™ Embedded V1000 Series Processors Version: various
AMD AMD Ryzen™ Embedded V2000 Series Processors
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T14:20:09.090291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-459",
                "description": "CWE-459 Incomplete Cleanup",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T17:10:30.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "GenoaPI 1.0.0.4",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V1 1.0.0.A"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4V1 1.0.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4V2 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8  1.0.0.6"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8  1.0.0.B"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PollockPI-FT5   1.0.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.F"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MendocinoPI-FT6 1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5  1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.3"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI  1.0.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.5"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:52:55.976Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20518",
    "datePublished": "2024-08-13T16:52:55.976Z",
    "dateReserved": "2022-10-27T18:53:39.736Z",
    "dateUpdated": "2024-11-05T17:10:30.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26387
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-10-30 17:59
Summary
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
Impacted products
Vendor Product Version
AMD AMD EPYC™ 7002 Series Processors Version: various
AMD AMD EPYC™ 7003 Series Processors Version: various
AMD AMD EPYC™ 9004 Series Processors Version: various
AMD AMD Ryzen™ 3000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processors
AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics
AMD AMD Ryzen™ 7000 Series Desktop Processors
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
AMD AMD Ryzen™ Threadripper™ 3000 Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics
AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD AMD EPYC™ Embedded 3000 Series Processors Version: various
AMD AMD EPYC™ Embedded 7002 Series Processors Version: various
AMD AMD EPYC™ Embedded 7003 Series Processors Version: various
AMD AMD EPYC™ Embedded 9003 Series Processors Version: various
AMD AMD Ryzen™ Embedded R1000 Series Processors
AMD AMD Ryzen™ Embedded R2000 Series Processors
AMD AMD Ryzen™ Embedded 5000 Series Processors
AMD AMD Ryzen™ Embedded V1000 Series Processors
AMD AMD Ryzen™ Embedded V2000 Series Processors
AMD AMD Ryzen™ Embedded V3000 Series Processors
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T15:47:34.441746Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T17:59:30.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "PI",
          "product": "AMD EPYC\u2122 7001 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various",
              "versionType": "PI"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4 V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4 V2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM5 1.0.8.0"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4PI 1.0.0.9"
            },
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ComboAM4v2 PI 1.2.0.5"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakPI-SP3r3  1.0.0.7"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            },
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PollockPI-FT5  1.0.0.4"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "PicassoPI-FP5  1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RenoirPI-FP6  1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6  1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "RembrandtPI-FP7 1.0.0.9b"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CezannePI-FP6 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedR2KPI-FP5 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI  1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP5 1.2.0.A"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2 1.0.0.9"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected \u003ca target=\"_blank\" rel=\"nofollow\"\u003eareas,\u003c/a\u003e\u0026nbsp;potentially leading to a loss of platform integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
            }
          ],
          "value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T16:50:22.151Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26387",
    "datePublished": "2024-08-13T16:50:22.151Z",
    "dateReserved": "2021-01-29T21:24:26.161Z",
    "dateUpdated": "2024-10-30T17:59:30.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}