All the vulnerabilites related to AMD - CPU
cve-2021-26400
Vulnerability from cvelistv5
Published
2022-05-11 16:36
Modified
2024-09-17 04:05
Severity ?
EPSS score ?
Summary
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.
References
▼ | URL | Tags |
---|---|---|
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | AMD | AMD Processors |
Version: Processor All Supported Processors |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:26:25.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AMD Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Processor All Supported Processors" } ] } ], "datePublic": "2022-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage." } ], "problemTypes": [ { "descriptions": [ { "description": "NA", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-11T16:36:21", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@amd.com", "DATE_PUBLIC": "2022-05-10T20:30:00.000Z", "ID": "CVE-2021-26400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AMD Processors", "version": { "version_data": [ { "version_affected": "=", "version_name": "Processor", "version_value": "All Supported Processors" } ] } } ] }, "vendor_name": "AMD" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "NA" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035", "refsource": "MISC", "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1035" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2021-26400", "datePublished": "2022-05-11T16:36:21.153693Z", "dateReserved": "2021-01-29T00:00:00", "dateUpdated": "2024-09-17T04:05:04.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2193
Vulnerability from cvelistv5
Published
2024-03-15 18:03
Modified
2024-10-29 16:10
Severity ?
EPSS score ?
Summary
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2193", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T15:31:03.336472Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T16:10:13.603Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:03:39.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.cert.org/vuls/id/488902" }, { "tags": [ "x_transferred" ], "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "tags": [ "x_transferred" ], "url": "https://www.vusec.net/projects/ghostrace/" }, { "tags": [ "x_transferred" ], "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "tags": [ "x_transferred" ], "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "tags": [ "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/488902" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "CPU", "vendor": "AMD", "versions": [ { "status": "affected", "version": "See advisory AMD-SB-7016" } ] }, { "product": "Xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "consult Xen advisory XSA-453" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Thanks to Hany Ragab and Cristiano Giuffrida from the VUSec group at VU Amsterdam and Andrea Mambretti and Anil Kurmus from IBM Research Europe, Zurich for discovering and reporting this vulnerability." } ], "descriptions": [ { "lang": "en", "value": "A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-15T21:25:07.075Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "url": "https://kb.cert.org/vuls/id/488902" }, { "url": "https://xenbits.xen.org/xsa/advisory-453.html" }, { "url": "https://www.vusec.net/projects/ghostrace/" }, { "url": "https://download.vusec.net/papers/ghostrace_sec24.pdf" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23" }, { "url": "https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace" }, { "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html" }, { "url": "https://www.kb.cert.org/vuls/id/488902" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/12/14" } ], "source": { "discovery": "EXTERNAL" }, "title": "Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.", "x_generator": { "engine": "VINCE 2.1.11", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2193" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2024-2193", "datePublished": "2024-03-15T18:03:32.844Z", "dateReserved": "2024-03-05T15:11:04.573Z", "dateUpdated": "2024-10-29T16:10:13.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }