Vulnerabilities related to AMD - AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics
CVE-2021-46746 (GCVE-0-2021-46746)
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-10-31 13:57
Severity: 5.2 MEDIUM (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H, CNA score from the record below)
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to corrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-46746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T16:06:22.367564Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T13:57:25.237Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7001 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9" }, { "status": "unaffected", "version": "ComboAM4 V2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", 
"version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "ComboAM5 1.0.8.0" } ] }, { "defaultStatus": "unaffected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9" }, { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2" }, { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "PollockPI-FT5 1.0.0.4" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", 
"versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1PI 1.0.0.3b" } ] }, { 
"defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9003 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": 
"unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.2" } ] } ], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e" } ], "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:50:51.023Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46746", "datePublished": "2024-08-13T16:50:51.023Z", "dateReserved": "2022-03-31T16:50:27.864Z", "dateUpdated": "2024-10-31T13:57:25.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36354 (GCVE-0-2024-36354)
Vulnerability from cvelistv5
Published
2025-09-06 18:06
Modified
2025-09-09 03:55
Severity: 7.5 HIGH (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, CNA score from the record below)
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
References
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD Ryzen™ Threadripper™ 3000 Processors | |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36354", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-09T03:55:24.891Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8-1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.1a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8-1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5_1.0.1.2a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": 
"PhoenixPI-FP8-FP7_1.1.8.0" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5_1.0.1.2a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5PI_1.2.0.2a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PhoenixPI-FP8-FP7_1.1.8.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.Ea" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_1.0.0.Ba" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1_1.0.0.3f" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_1.0.0.Ba" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5PI_1.2.0.2a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.1a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 9000 
Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5PI_1.2.0.2a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI_1.0.0.C" }, { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI_1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "SnowyOwl PI 1.1.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbRomePI-SP3_1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD 
Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Embedded-PI_FP7r2 100A" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 97X4 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MilanPI 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rome PI 1.0.0.M" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7001 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Naples 1.0.0.Q" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 4004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5PI_1.2.0.2a" } ] }, { "defaultStatus": 
"affected", "product": "AMD EPYC\u2122 8004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.D" } ] } ], "datePublic": "2025-09-06T17:45:28.280Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.\u003cbr\u003e" } ], "value": "Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T18:06:43.084Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html" } ], 
"source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2024-36354", "datePublished": "2025-09-06T18:06:43.084Z", "dateReserved": "2024-05-23T19:44:50.000Z", "dateUpdated": "2025-09-09T03:55:24.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-26344 (GCVE-0-2021-26344)
Vulnerability from cvelistv5
Published
2024-08-13 16:49
Modified
2025-03-18 15:35
Severity: 7.2 HIGH (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H, CNA score from the record below)
Summary
An out-of-bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access and the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block, resulting in arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD EPYC™ 7001 Series Processors | various |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "naplespi", "vendor": "amd", "versions": [ { "lessThan": "1.0.0.k", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "romepi", "vendor": "amd", "versions": [ { "lessThan": "1.0.0.C", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "milanpi", "vendor": "amd", "versions": [ { "lessThan": "1.0.0.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2021-26344", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-13T18:29:11.333464Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-18T15:35:45.232Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7001 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RomePI 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MilanPI 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": 
"AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", 
"vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbRomePI-SP3 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 
Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "v" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "v" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "v" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "v" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "v" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.4" } ] } ], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e" } ], "value": "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the 
ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:49:52.889Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26344", "datePublished": "2024-08-13T16:49:52.889Z", "dateReserved": "2021-01-29T21:24:26.145Z", "dateUpdated": "2025-03-18T15:35:45.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20579 (GCVE-0-2023-20579)
Vulnerability from cvelistv5
Published
2024-02-13 19:32
Modified
2025-03-14 17:21
Summary
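Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections, potentially resulting in loss of integrity and availability.
Note: the only CVSS vector in the record below is the CISA-ADP one (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, 4.4 MEDIUM), which scores availability impact only, although the description also names integrity.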
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics | various |

Only the first product row is shown; the full list of affected products is in the JSON record below.
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-20579", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-14T15:53:23.792810Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-14T17:21:09.724Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ", 
"vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various " } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", 
"packageName": "PI", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 Embedded V3000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "unaffected", "platforms": [ "x86" ], "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] } ], "datePublic": "2024-02-13T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e" } ], "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" } ], "providerMetadata": { "dateUpdated": "2024-02-13T19:32:11.904Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009" } ], "source": { "advisory": "AMD-SB-7009", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", 
"assignerShortName": "AMD", "cveId": "CVE-2023-20579", "datePublished": "2024-02-13T19:32:11.904Z", "dateReserved": "2022-10-27T18:53:39.757Z", "dateUpdated": "2025-03-14T17:21:09.724Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21970 (GCVE-0-2024-21970)
Vulnerability from cvelistv5
Published
2025-09-06 17:20
Modified
2025-09-08 14:51
CWE
- CWE-129 - Improper Validation of Array Index
Summary
Improper validation of an array index in the AMD Power Management Firmware could allow a privileged attacker to corrupt AGESA memory, potentially leading to a loss of integrity.
References
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD Ryzen™ Threadripper™ 3000 Processors | |

Only the first product row is shown, without its version; the JSON record below lists every product together with the firmware (PI) version marked unaffected.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21970", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T14:51:02.904590Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T14:51:10.909Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8-1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.E" }, { "status": "unaffected", "version": "ChagallWSPI-sWRX8-1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5 1.0.1.2" } ] }, { "defaultStatus": "affected", "product": "Renoir\nCezanne\nRaven Ridge\nRaven Ridge 2\nPicasso\nSummit\nPinnacle Ridge\nMatisse\nVermeer", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI_1.0.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", 
"versions": [ { "status": "unaffected", "version": "ComboAM5 1.2.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6_1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1 1.0.0.3d" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.2.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5 1.0.1.2" } ] }, { 
"defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5 1.0.1.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI_1.0.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI_1.0.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5 1005" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Embedded-PI_FP7r2 100A" } ] } ], "datePublic": "2025-09-06T16:59:17.867Z", "descriptions": 
[ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.\u003cbr\u003e" } ], "value": "Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T17:20:19.749Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2024-21970", "datePublished": "2025-09-06T17:20:19.749Z", "dateReserved": "2024-01-03T16:43:28.699Z", "dateUpdated": "2025-09-08T14:51:10.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2025-03-18 20:03
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer, potentially resulting in arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD EPYC™ 7001 Processors | |

Only the first product row is shown, without its version; the JSON record below lists every product together with the firmware (PI) version marked unaffected.
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_7001", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.k" } ] }, { "cpes": [ "cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_7002", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.g" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_9004", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.2" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_3000", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.1.0.a" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_7002", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.a" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_7003", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.7" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_9003", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.0" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_7000", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.0" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_v3000", "vendor": "amd", "versions": [ { "status": "unaffected", "version": "1.0.0.8" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-20578", "options": [ { "Exploitation": 
"none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T15:56:35.845479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-18T20:03:43.905Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": "PI", "product": "AMD EPYC\u2122 7001 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "NaplesPI 1.0.0.K", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RomePI 1.0.0.G" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MilanPI 1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.0.0.1" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", 
"vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.9b" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.9b" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "SnowyOwl PI 1.1.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbRomePI-SP3 1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9003", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD RyzenTM Embedded V3000", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.8" } ] } ], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code 
execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e" } ], "value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:52:58.457Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20578", "datePublished": "2024-08-13T16:52:58.457Z", "dateReserved": "2022-10-27T18:53:39.757Z", "dateUpdated": "2025-03-18T20:03:43.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21977 (GCVE-0-2024-21977)
Vulnerability from cvelistv5
Published
2025-09-05 12:58
Modified
2025-09-05 13:35
CWE
- CWE-459 - Incomplete Cleanup
Summary
Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.
References
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD EPYC™ 7003 Series Processors | |

Only the first product row is shown, without its version; the JSON record below lists every product together with the firmware (PI) version marked unaffected.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21977", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-05T13:34:55.383175Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-05T13:35:08.152Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MilanPI 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 8004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7/FP7r2_1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 1.2.0.Cb" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": 
[ { "status": "unaffected", "version": "ComboAM5 1.2.0.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PhoenixPI-FP8-FP7_1.1.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7/FP7r2_1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1 1.0.0.3e" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.2.0.1" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbGenoaPI-SP5 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 
Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Embedded-PI_FP7r2 100A" } ] } ], "datePublic": "2025-09-05T12:37:57.776Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.\u003cbr\u003e" } ], "value": "Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-05T12:58:39.312Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2024-21977", "datePublished": "2025-09-05T12:58:39.312Z", "dateReserved": "2024-01-03T16:43:30.196Z", "dateUpdated": "2025-09-05T13:35:08.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31315 (GCVE-0-2023-31315)
Vulnerability from cvelistv5
Published
2024-08-09 17:08
Modified
2024-09-12 12:56
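Severity
7.5 HIGH — CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H (AMD, CNA)
6.8 MEDIUM — CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L (CISA-ADP)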
Summary
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
References
URL | Tags |
---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | 3rd Gen AMD EPYC™ Processors | Version: various |

(Only the first affected product is listed here; the JSON record below gives the full list.)
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-09-12T12:56:32.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw" }, { "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf" }, { "url": "https://news.ycombinator.com/item?id=41475975" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } }, { "affected": [ { "cpes": [ "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "1st_gen_amd_epyc_processors", "vendor": "amd", "versions": [ { "lessThan": "naples.pi.1.0.0.m", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "3rd_gen_amd_epyc_processors", "vendor": "amd", "versions": [ { "lessThan": "milan.pi.1.0.0.d", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "2nd_gen_amd_epyc_processors", "vendor": "amd", "versions": [ { "lessThan": "rome.pi.1.0.0.j", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_3000_series_desktop_processors", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "4th_gen_amd_epyc_processors", "vendor": "amd", "versions": [ { "lessThan": "genoa_pi_1.0.0.c", "status": "affected", "version": 
"0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_3000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_7002", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_7003", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "epyc_embedded_9003", "vendor": "amd", "versions": [ { "lessThan": "emgenoa.pi.1.0.0.7", "status": "unaffected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_r1000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_r2000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_7000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_5000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_v1000", "vendor": "amd", "versions": [ { 
"status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_v3000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_embedded_v2000", "vendor": "amd", "versions": [ { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "phoenixpi-fp8-fp7.1.1.0.3", "status": "unaffected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_5000_series_desktop_processors", "vendor": "amd", "versions": [ { "lessThan": "comboam4v2pi.1.2.0.cb", "status": "unaffected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "comboam4v2pi.1.2.0.cb", "status": "unaffected", "version": "0", "versionType": "custom" }, { "status": "affected", "version": "various" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_7000_desktop_processors", "vendor": "amd", "versions": [ { "lessThan": "comboam5pi.1.2.0.1", "status": "affected", "version": "0", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", 
"product": "ryzen_4000_series_desktop_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "comboam4v2pi.1.2.0.cb", "status": "affected", "version": "0", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_threadripper_3000_series_processors", "vendor": "amd", "versions": [ { "lessThan": "castlepeakpl-sp3r3.1.0.0.b", "status": "affected", "version": "0", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_threadripper_pro_processors", "vendor": "amd", "versions": [ { "lessThan": "chagallwspi-swrx8.1.0.0.8", "status": "affected", "version": "various", "versionType": "python" }, { "lessThan": "castlepeakwspi-swrx8.1.0.0.8", "status": "affected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_threadripper_pro_3000wx_series_processors", "vendor": "amd", "versions": [ { "lessThan": "chagallwspi-swrx8.1.0.0.8", "status": "affected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "athlon_3000_series_mobile_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "picasso-fp5.1.0.1.2", "status": "affected", "version": "various", "versionType": "python" }, { "lessThan": "pollockpi-ft5.1.0.0.8", "status": "affected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": 
"picasso-fp5.1.0.1.2", "status": "affected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "renoirpi-fp6.1.0.0.e", "status": "unaffected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "cezannepi-fp6.1.0.1.1", "status": "unaffected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics", "vendor": "amd", "versions": [ { "lessThan": "cezannepi-fp6", "status": "affected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_7045_series_mobile_processors", "vendor": "amd", "versions": [ { "lessThan": "dragonrangefl1.1.0.0.3e", "status": "unaffected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_6000_processors_with_radeongraphics", "vendor": "amd", "versions": [ { "lessThan": "remembrandtpi-fp7.1.0.0.b", "status": "unaffected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_7020_processors_with_radeongraphics", "vendor": "amd", "versions": [ { "lessThan": 
"mendocinopi-ft6.1.0.0.7", "status": "affected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_7035_processors_with_radeongraphics", "vendor": "amd", "versions": [ { "lessThan": "remembrandtpi-fp7.1.0.0.b", "status": "unaffected", "version": "various", "versionType": "python" } ] }, { "cpes": [ "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ryzen_8000_series_processors_with_radeongraphics", "vendor": "amd", "versions": [ { "lessThan": "comboam5pi.1.2.0.1", "status": "unaffected", "version": "various", "versionType": "python" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-31315", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-09T17:29:59.373286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-27T14:54:02.319Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "PI", "product": "3rd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "lessThan": "Milan PI 1.0.0.D", "status": "affected", 
"version": "various", "versionType": "Platform Initialization" } ] }, { "defaultStatus": "affected", "product": "1st Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "lessThan": "Naples PI 1.0.0.M", "status": "affected", "version": "various", "versionType": "Platform Initialization" } ] }, { "defaultStatus": "affected", "product": "2nd Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "lessThan": "Rome PI 1.0.0.J", "status": "affected", "version": "various", "versionType": "Platform Initialization" } ] }, { "defaultStatus": "affected", "product": "4th Gen AMD EPYC\u2122 Processors", "vendor": "AMD", "versions": [ { "lessThan": "Genoa PI 1.0.0.C", "status": "unaffected", "version": "various", "versionType": "Platform Initialization" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9003", "vendor": "AMD", "versions": [ { "lessThan": "EmbGenoaPI 1.0.0.7", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 
Embedded 7000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "lessThan": "ComboAM4v2PI 1.2.0.cb", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "ComboAM4v2PI 1.2.0.cb", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "lessThan": "ComboAM5PI 1.2.0.1", "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "ComboAM4v2PI 1.2.0.cb", "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "lessThan": "CastlePeakPI-SP3r3 1.0.0.B", "status": "affected", "version": "various", "versionType": "PI" } ] }, { 
"defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors", "vendor": "AMD", "versions": [ { "lessThan": "ChagallWSPI-sWRX8 1.0.0.8", "status": "affected", "version": "various", "versionType": "PI" }, { "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "lessThan": "ChagallWSPI-sWRX8 1.0.0.8", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "Picasso-FP5 1.0.1.2", "status": "unaffected", "version": "various", "versionType": "PI" }, { "lessThan": "PollockPI-FT5 1.0.0.8", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "Picasso-FP5 1.0.1.2", "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "RenoirPI-FP6 1.0.0.E", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "CezannePI-FP6 1.0.1.1", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "CezannePI-FP6", "status": "affected", "version": "various", "versionType": "PI" } 
] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors", "vendor": "AMD", "versions": [ { "lessThan": "DragonRangeFL1 1.0.0.3e", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "RembrandtPI-FP7 1.0.0.B", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "MendocinoPI-FT6 1.0.0.7", "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "RembrandtPI-FP7 1.0.0.B", "status": "unaffected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "lessThan": "ComboAM5PI 1.2.0.1", "status": "unaffected", "version": "various", "versionType": "PI" } ] } ], "datePublic": "2024-08-09T12:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e" } ], "value": "Improper validation 
in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T15:37:24.501Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-31315", "datePublished": "2024-08-09T17:08:24.237Z", "dateReserved": "2023-04-27T15:25:41.423Z", "dateUpdated": "2024-09-12T12:56:32.250Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0010 (GCVE-0-2025-0010)
Vulnerability from cvelistv5
Published
2025-09-06 18:26
Modified
2025-09-08 19:56
CWE
- CWE-787 - Out-of-bounds Write
Summary
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
References
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD Radeon™ RX 5000 Series Graphics Products | |

(Only the first affected product is listed here; the JSON record below gives the full list.)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0010", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T19:56:34.478973Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T19:56:43.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": 
"AMD Radeon\u2122 VII", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI200", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.3" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI210", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.3" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI250", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.3" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300A", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.3" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300X", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.3" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V520 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V710 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software 
for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 AI 300 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, 
{ "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 9000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 24.30.2" } ] } ], "credits": [ { "lang": "en", "type": "finder", 
"value": "Reported through AMD Bug Bounty Program" } ], "datePublic": "2025-09-06T18:04:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.\u003cbr\u003e" } ], "value": "An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T18:26:15.118Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2025-0010", "datePublished": "2025-09-06T18:26:15.118Z", "dateReserved": "2024-10-10T20:27:46.721Z", "dateUpdated": "2025-09-08T19:56:43.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-26387 (GCVE-0-2021-26387)
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-10-30 17:59
Summary
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD EPYC™ 7001 Series Processors | Version: various

Only the first product is shown in this table; the `affected` array of the record below lists every product with its version status.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-26387", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T15:47:34.441746Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-30T17:59:30.394Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "packageName": "PI", "product": "AMD EPYC\u2122 7001 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9" }, { "status": "unaffected", "version": "ComboAM4 V2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4 V2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": 
"ComboAM4v2 PI 1.2.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.0.8.0" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9" }, { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2" }, { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PollockPI-FT5 1.0.0.4" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { 
"status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.9b" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.9b" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 Series 
Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 9003 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.9" } ] } ], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected \u003ca target=\"_blank\" rel=\"nofollow\"\u003eareas,\u003c/a\u003e\u0026nbsp;potentially leading to a loss of platform 
integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e" } ], "value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:50:22.151Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26387", "datePublished": "2024-08-13T16:50:22.151Z", "dateReserved": "2021-01-29T21:24:26.161Z", "dateUpdated": "2024-10-30T17:59:30.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36352 (GCVE-0-2024-36352)
Vulnerability from cvelistv5
Published
2025-09-06 17:54
Modified
2025-09-08 14:48
CWE
- CWE-822 - Untrusted Pointer Dereference
Summary
Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | (see record below)

Only the first product is shown in this table; the `affected` array of the record below lists every product with its version status.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36352", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T14:48:27.064323Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T14:48:33.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", 
"vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 9000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": 
"unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "LTS Kernel 6.12.25" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (23.19.21.01 pre-RDNA), AMD Software: PRO Edition 24.Q4 (23.19.21.01/23.19.21.04 pre-RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W7000 
Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 VII", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO VII", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q4 (24.20.30 RDNA)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 Instinct\u2122 MI25 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V520 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V710 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] } ], "credits": [ { "lang": "en", "value": "Reported through AMD Bug Bounty Program" } ], "datePublic": "2025-09-06T17:33:50.299Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.\u003cbr\u003e" } ], "value": "Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, 
potentially leading to arbitrary writes or denial of service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822 Untrusted Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T17:54:57.932Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2024-36352", "datePublished": "2025-09-06T17:54:57.932Z", "dateReserved": "2024-05-23T19:44:50.000Z", "dateUpdated": "2025-09-08T14:48:33.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36342 (GCVE-0-2024-36342)
Vulnerability from cvelistv5
Published
2025-09-06 17:42
Modified
2025-09-09 03:55
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | (see record below)

Only the first product is shown in this table; the `affected` array of the record below lists every product with its version status.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36342", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-09T03:55:24.059Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { 
"status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 AI 300 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 9000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon 
Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.x" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 8000 Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "amd_chipset_software_7.06.02.123.exe , PSP driver version: 5.39.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "vendor": "AMD", "versions": [ { 
"status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 9000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX Vega Series Graphics Cards", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO VII", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Radeon Software for Linux 25.10.1" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI210", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI250", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI300A", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", 
"product": "AMD Instinct\u2122 MI300X", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI308X", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI325X", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V520 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V710 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Reported through AMD Bug Bounty Program" } ], "datePublic": "2025-09-06T17:15:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.\u003cbr\u003e" } ], "value": "Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T17:42:00.232Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2024-36342", "datePublished": "2025-09-06T17:42:00.232Z", "dateReserved": "2024-05-23T19:44:47.200Z", "dateUpdated": "2025-09-09T03:55:24.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20518 (GCVE-0-2023-20518)
Vulnerability from cvelistv5
Published
2024-08-13 16:52
Modified
2024-11-05 17:10
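Severity: LOW (CVSS v3.1 base score 1.9, CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N; scored by AMD as CNA in the record below)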
Summary
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
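References
URL | Tags |
---|---|
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html | vendor-advisory |
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html | |

Note: the record's source.advisory field names AMD-SB-4002, AMD-SB-3002 and AMD-SB-5001, which do not match the bulletin numbers in these URLs; confirm the applicable bulletin with AMD before acting on either.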
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD EPYC™ 9004 Series Processors | GenoaPI 1.0.0.4 (unaffected) |

Only the first product is shown here; the JSON record below lists every product with its version status.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-20518", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T14:20:09.090291Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-459", "description": "CWE-459 Incomplete Cleanup", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T17:10:30.170Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD EPYC\u2122 9004 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "GenoaPI 1.0.0.4", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V1 1.0.0.A" }, { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" }, { "status": "unaffected", "version": "ComboAM4V1 1.0.0.A" } ] }, { "defaultStatus": "affected", 
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6" }, { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PollockPI-FT5 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.F" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", 
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.4" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 
1.0.0.0" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.5" } ] } ], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e" } ], "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:52:55.976Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-20518", "datePublished": "2024-08-13T16:52:55.976Z", "dateReserved": "2022-10-27T18:53:39.736Z", "dateUpdated": "2024-11-05T17:10:30.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-46750 (GCVE-0-2021-46750)
Vulnerability from cvelistv5
Published
2025-09-06 16:03
Modified
2025-09-08 13:45
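Severity: LOW (CVSS v3.1 base score 3, CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N; scored by AMD as CNA in the record below)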
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity.
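References
URL | Tags |
---|---|
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html | |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html | |
https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html | |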
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | PicassoPI-FP5 1.0.0.E (unaffected) |

Only the first product is shown here; the JSON record below lists every product with its version status.
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-46750", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T13:44:54.633621Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T13:45:05.234Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_0.0.8.0 RC1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_0.0.8.0 RC1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": 
"CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5_1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2_1000" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 23.Q4 (23.30.13.03)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] } ], "datePublic": "2025-09-06T15:42:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": 
"Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity.\u003cbr\u003e" } ], "value": "Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T16:03:55.584Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46750", "datePublished": "2025-09-06T16:03:55.584Z", "dateReserved": 
"2022-03-31T16:50:27.866Z", "dateUpdated": "2025-09-08T13:45:05.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-23817 (GCVE-0-2022-23817)
Vulnerability from cvelistv5
Published
2024-08-13 16:51
Modified
2024-08-16 20:27
Summary
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation.
References
Impacted products
Vendor | Product | Version |
---|---|---|
AMD | AMD Ryzen™ 3000 Series Desktop Processors | ComboAM4V1 1.0.0.A/ComboAM4V2 1.2.0.9 (unaffected) |

Only the first product is shown here; the JSON record below lists every product with its version status.
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_3300x_firmware", "vendor": "amd", "versions": [ { "lessThan": "comboam4v2_1.2.0.a", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_3300u_firmware", "vendor": "amd", "versions": [ { "lessThan": "picassopi-fp5_1.0.0.e", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_pro_3200g_firmware", "vendor": "amd", "versions": [ { "lessThan": "comboam4v2_pi_1.2.0.8", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_5_7500f_firmware", "vendor": "amd", "versions": [ { "lessThan": "comboam5_1.0.8.0", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_threadripper_pro_3995wx_firmware", "vendor": "amd", "versions": [ { "lessThan": "castlepeakpi-sp3r3_1.0.0.8", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_threadripper_pro_3995wx_firmware", "vendor": "amd", "versions": [ { "lessThan": "castlepeakwspi-swrx8_1.0.0.a", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_threadripper_pro_5995wx_firmware", "vendor": "amd", "versions": [ { "lessThan": "chagallwspi-swrx8_1.0.0.5", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_4300u_firmware", "vendor": "amd", "versions": [ { "lessThan": "renoirpi-fp6_1.0.0.a", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_5_6600u_firmware", "vendor": "amd", "versions": [ { "lessThan": "rembrandtpi-fp7_1.0.0.5", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_7335u_firmware", "vendor": "amd", "versions": [ { "lessThan": "rembrandtpi-fp7_1.0.0.5", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_7_7745hx_firmware", "vendor": "amd", "versions": [ { "lessThan": "dragonrangefl1pi_1.0.0.3b", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", 
"product": "ryzen_5_5600x_firmware", "vendor": "amd", "versions": [ { "lessThan": "comboam4v2_pi_1.2.0.8", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_5300g_firmware", "vendor": "amd", "versions": [ { "lessThan": "cezannepi-fp6_1.0.0.c", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*", 
"cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "ryzen_3_5425c_firmware", "vendor": "amd", "versions": [ { "lessThan": "cezannepi-fp6_1.0.0.c", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "athlon_pro_300ge_firmware", "vendor": "amd", "versions": [ { "lessThan": "picassopi-fp5_1.0.0.e", "status": "unaffected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-23817", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-13T17:51:43.434721Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-16T20:27:19.545Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V1 
1.0.0.A/ComboAM4V2 1.2.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.0.8.0" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9" }, { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.5" }, { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", 
"version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PollockPI-FT5 1.0.0.4" } ] }, { "defaultStatus": "unaffected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.C" } ] }, { "defaultStatus": 
"affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1PI 1.0.0.3b" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedAM5PI 1.0.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.2" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation." 
} ], "value": "Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading to privilege escalation." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:51:45.468Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2022-23817", "datePublished": "2024-08-13T16:51:45.468Z", "dateReserved": "2022-01-21T17:14:12.302Z", "dateUpdated": "2024-08-16T20:27:19.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21947 (GCVE-0-2024-21947)
Vulnerability from cvelistv5
Published
2025-09-06 17:10
Modified
2025-09-09 03:55
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD Ryzen™ Threadripper™ 3000 Processors |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21947", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-09T03:55:22.425Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8-1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.E" }, { "status": "unaffected", "version": "ChagallWSPI-sWRX8-1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4 1.0.0.B" }, { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5 1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 
Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5 1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4 1.0.0.B" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.2.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PhoenixPI-FP8-FP7_1.1.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Renoir-FP6 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rembrandt-FP7 1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.2.0.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1 1.0.0.3d" } ] }, { "defaultStatus": "affected", 
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rembrandt-FP7 1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 120C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5_1003" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5 120C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Embedded-PI_FP7r2 1009" } ] } ], "credits": [ { "lang": "en", "value": 
"Reported through AMD Bug Bounty Program" } ], "datePublic": "2025-09-06T16:50:07.685Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.\u003cbr\u003e" } ], "value": "Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T17:10:47.951Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2024-21947", "datePublished": "2025-09-06T17:10:47.951Z", "dateReserved": "2024-01-03T16:43:21.322Z", "dateUpdated": "2025-09-09T03:55:22.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31330 (GCVE-0-2023-31330)
Vulnerability from cvelistv5
Published
2025-09-06 16:57
Modified
2025-09-08 20:04
CWE
- CWE-125 - Out-of-bounds Read
Summary
An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD Ryzen™ Threadripper™ 3000 Processors |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-31330", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T20:03:59.285611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T20:04:07.101Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "chagallwspi_swrx8_1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "chagallwspi_swrx8_1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "StrormPeakPI-SP6_1.0.0.1e" }, { "status": "unaffected", "version": "StrormPeakPI-SP6_1.1.0.0c" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5_1.0.1.1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": 
"unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI_1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 8000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.1.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PhoenixPI-FP8-FP7_1.1.0.1b" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Renoir-FP6_1.0.0.Ea" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rembrandt-FP7_1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 7000 Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "StrormPeakPI-SP6_1.1.0.0c" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "DragonRangeFL1PI 1.0.0.3C" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rembrandt-FP7_1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile 
Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.1a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.1a" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM5 1.1.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Picasso-FP5_1.0.1.1" } ] } ], "datePublic": "2025-09-06T16:35:43.322Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.\u003cbr\u003e" } ], "value": "An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T16:57:08.320Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-31330", "datePublished": "2025-09-06T16:57:08.320Z", "dateReserved": "2023-04-27T15:25:41.424Z", "dateUpdated": "2025-09-08T20:04:07.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-26377 (GCVE-0-2021-26377)
Vulnerability from cvelistv5
Published
2025-09-06 15:18
Modified
2025-09-08 13:47
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-26377", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T13:46:56.766235Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T13:47:10.991Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakPI-SP3r3 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CastlePeakWSPI-sWRX8 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PicassoPI-FP5 1.0.0.E" }, { "status": 
"unaffected", "version": "PollockPI-FT5 1.0.0.4" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4PI 1.0.0.9/ ComboAM4 V2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2 PI 1.2.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RenoirPI-FP6 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4 V2 PI 1.2.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7_0.0.8.0 RC1" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedR2KPI-FP5_1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series 
Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbAM4PI 1.0.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP5_1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2_1000" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)" }, { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q2 (24.10.20)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q2 (24.10.20)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)" }, { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q2 (24.10.20)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q2 (24.10.20)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 Instinct\u2122 MI25 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": 
"affected", "product": "AMD Radeon\u2122 PRO V520 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V620 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] } ], "datePublic": "2025-09-06T14:57:52.467Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.\r\n\u003cbr\u003e" } ], "value": "Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T15:18:56.502Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26377", "datePublished": "2025-09-06T15:18:56.502Z", "dateReserved": "2021-01-29T21:24:26.157Z", "dateUpdated": "2025-09-08T13:47:10.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31326 (GCVE-0-2023-31326)
Vulnerability from cvelistv5
Published
2025-09-06 16:48
Modified
2025-09-08 20:04
CWE
- CWE-457 - Use of Uninitialized Variable
Summary
Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-31326", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T20:04:35.581719Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T20:04:43.607Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7030 Series Mobile processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4v2PI_1.2.0.CA" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "PhoenixPI-FP8-FP7_1.1.0.2" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Renoir-FP6_ 1.0.0.D" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Rembrandt-FP7_1.0.0.A" } ] }, { "defaultStatus": 
"affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Cezanne-FP6_1.0.1.0" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6_1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP6_1.0.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Embedded-PI_FP7r2 1009" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 RX 7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: Adrenalin Edition 24.7.1 (24.10.29.01)" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO W7000 Series Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "AMD Software: PRO Edition 24.Q2 (24.10.20)" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI210", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Instinct\u2122 MI250", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ROCm 6.4" } ] }, { "defaultStatus": "affected", "product": "AMD Radeon\u2122 PRO V710 Graphics Products", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "Contact your AMD Customer Engineering representative" } ] } ], "datePublic": "2025-09-06T16:27:46.642Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use of an uninitialized variable in the ASP could allow an attacker to access 
leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality. \u003cbr\u003e" } ], "value": "Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457 Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-06T16:48:43.991Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4012.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6018.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "AMD PSIRT Automation 1.0" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2023-31326", "datePublished": "2025-09-06T16:48:43.991Z", "dateReserved": "2023-04-27T15:25:41.424Z", "dateUpdated": "2025-09-08T20:04:43.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-46772 (GCVE-0-2021-46772)
Vulnerability from cvelistv5
Published
2024-08-13 16:50
Modified
2024-11-05 21:18
Summary
Insufficient input validation in the ABL may allow a privileged
attacker with access to the BIOS menu or UEFI shell to tamper with the
structure headers in SPI ROM causing an out of bounds memory read and write,
potentially resulting in memory corruption or denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
AMD | AMD EPYC™ 7002 Series Processors |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2021-46772", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T14:19:27.997821Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T21:18:50.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RomePI 1.0.0.E", "versionType": "PI" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MilanPI 1.0.0.9" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "ComboAM4V2 1.2.0.A" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series 
Desktop Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "ChagallWSPI-sWRX8 1.0.0.6" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": 
"AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "MendocinoPI-FT6 1.0.0.3" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "RembrandtPI-FP7 1.0.0.7" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "CezannePI-FP6 1.0.0.E" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7002 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbRomePI-SP3 1.0.0.8" } ] }, { "defaultStatus": "affected", "product": "AMD EPYC\u2122 Embedded 7003 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbMilanPI-SP3 1.0.0.5" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded 
V1000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "various" } ] }, { "defaultStatus": "affected", "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors", "vendor": "AMD", "versions": [ { "status": "unaffected", "version": "EmbeddedPI-FP7r2 1.0.0.4" } ] } ], "datePublic": "2024-08-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e" } ], "value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:50:54.016Z", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html" } ], "source": { "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001", "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-46772", "datePublished": "2024-08-13T16:50:54.016Z", "dateReserved": "2022-03-31T16:50:27.872Z", "dateUpdated": "2024-11-05T21:18:50.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }