Search

Find a vulnerability

Search criteria

    50 vulnerabilities found for 3rd Gen AMD EPYC™ Processors by AMD

    CVE-2023-31315 (GCVE-0-2023-31315)

    Vulnerability from nvd – Published: 2024-08-09 17:08 – Updated: 2024-09-12 12:56
    VLAI
    Summary
    Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < Milan PI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various , < Naples PI 1.0.0.M (Platform Initialization)
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various , < Rome PI 1.0.0.J (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Unaffected: various , < Genoa PI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Unaffected: various , < EmbGenoaPI 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various , < CastlePeakPI-SP3r3 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors Affected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Unaffected: various , < CastlePeakWSPI-sWRX8 1.0.0.D (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < Picasso-FP5 1.0.1.2 (PI)
    Unaffected: various , < PollockPI-FT5 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various , < Picasso-FP5 1.0.1.2 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < RenoirPI-FP6 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < CezannePI-FP6 1.0.1.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Affected: various , < CezannePI-FP6 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < PhoenixPI-FP8-FP7 1.1.0.3 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: various , < DragonRangeFL1 1.0.0.3e (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various , < MendocinoPI-FT6 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics Unaffected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    amd 1st_gen_amd_epyc_processors Affected: 0 , < naples.pi.1.0.0.m (custom)
        cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 3rd_gen_amd_epyc_processors Affected: 0 , < milan.pi.1.0.0.d (custom)
        cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 2nd_gen_amd_epyc_processors Affected: 0 , < rome.pi.1.0.0.j (custom)
        cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: various
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 4th_gen_amd_epyc_processors Affected: 0 , < genoa_pi_1.0.0.c (custom)
        cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_3000 Affected: various
        cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7002 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7003 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_9003 Unaffected: 0 , < emgenoa.pi.1.0.0.7 (custom)
    Affected: various
        cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_7000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_5000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v3000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7040_series_mobile_processors_with_radeon_graphics Unaffected: various , < phoenixpi-fp8-fp7.1.1.0.3 (python)
        cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors_with_radeon_graphics Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_desktop_processors Affected: 0 , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 0 , < comboam4v2pi.1.2.0.cb (python)
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_3000_series_processors Affected: 0 , < castlepeakpl-sp3r3.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
    Affected: various , < castlepeakwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3000wx_series_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000_series_mobile_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
    Affected: various , < pollockpi-ft5.1.0.0.8 (python)
        cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_mobile_processors_with_radeon_graphics Unaffected: various , < renoirpi-fp6.1.0.0.e (python)
        cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_mobile_processors_with_radeon_graphics Unaffected: various , < cezannepi-fp6.1.0.1.1 (python)
        cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7030_series-mobile_processors_with_radeon_graphics Affected: various , < cezannepi-fp6 (python)
        cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7045_series_mobile_processors Unaffected: various , < dragonrangefl1.1.0.0.3e (python)
        cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6000_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7020_processors_with_radeongraphics Affected: various , < mendocinopi-ft6.1.0.0.7 (python)
        cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7035_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_8000_series_processors_with_radeongraphics Unaffected: various , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-09 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:56:32.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
              },
              {
                "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
              },
              {
                "url": "https://news.ycombinator.com/item?id=41475975"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "1st_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "naples.pi.1.0.0.m",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "3rd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milan.pi.1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "2nd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rome.pi.1.0.0.j",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "4th_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoa_pi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7002",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7003",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_9003",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "emgenoa.pi.1.0.0.7",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_7000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_5000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_3000_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_3000wx_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "pollockpi-ft5.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6.1.0.0.e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6.1.0.1.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7045_series_mobile_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1.1.0.0.3e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6000_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7020_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "mendocinopi-ft6.1.0.0.7",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7035_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_8000_series_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T17:29:59.373286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T14:54:02.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Milan PI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Naples PI 1.0.0.M",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Rome PI 1.0.0.J",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Genoa PI 1.0.0.C",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI 1.0.0.7",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "PollockPI-FT5 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RenoirPI-FP6 1.0.0.E",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6 1.0.1.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "DragonRangeFL1 1.0.0.3e",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MendocinoPI-FT6 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            }
          ],
          "datePublic": "2024-08-09T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T15:37:24.501Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31315",
        "datePublished": "2024-08-09T17:08:24.237Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-09-12T12:56:32.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21980 (GCVE-0-2024-21980)

    Vulnerability from nvd – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T20:52:33.557459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:00:57.665Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:06:36.216Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21980",
        "datePublished": "2024-08-05T16:06:36.216Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T21:00:57.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21978 (GCVE-0-2024-21978)

    Vulnerability from nvd – Published: 2024-08-05 16:05 – Updated: 2024-08-05 17:36
    VLAI
    Summary
    Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:01:18.171419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:36:02.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:05:34.019Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21978",
        "datePublished": "2024-08-05T16:05:34.019Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T17:36:02.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31355 (GCVE-0-2023-31355)

    Vulnerability from nvd – Published: 2024-08-05 16:04 – Updated: 2024-08-06 14:58
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31355",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T14:07:12.426239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:58:40.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:04:24.813Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31355",
        "datePublished": "2024-08-05T16:04:24.813Z",
        "dateReserved": "2023-04-27T15:25:41.428Z",
        "dateUpdated": "2024-08-06T14:58:40.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23829 (GCVE-0-2022-23829)

    Vulnerability from nvd – Published: 2024-06-18 19:01 – Updated: 2024-08-29 20:40
    VLAI
    Summary
    A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Mobile Processors and Workstations Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processor Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC (TM) Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V3000 Affected: various
    Create a notification for this product.
    amd ryzen_threadripper_pro_5995wx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6980hx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 18:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_5995wx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6980hx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23829",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:32:15.481387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:40:26.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC (TM) Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-06-11T18:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T19:01:57.007Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23829",
        "datePublished": "2024-06-18T19:01:24.315Z",
        "dateReserved": "2022-01-21T17:20:55.781Z",
        "dateUpdated": "2024-08-29T20:40:26.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31347 (GCVE-0-2023-31347)

    Vulnerability from nvd – Published: 2024-02-13 19:18 – Updated: 2025-03-17 17:46
    VLAI
    Summary
    Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Date Public
    2024-02-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:31.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31347",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T19:50:42.676211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T17:46:05.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u0026nbsp;\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:51.045Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31347",
        "datePublished": "2024-02-13T19:18:51.045Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-17T17:46:05.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31346 (GCVE-0-2023-31346)

    Vulnerability from nvd – Published: 2024-02-13 19:18 – Updated: 2025-03-20 20:27
    VLAI
    Summary
    Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T20:06:47.743045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:27:50.012Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:21.462Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31346",
        "datePublished": "2024-02-13T19:18:19.089Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-20T20:27:50.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20587 (GCVE-0-2023-20587)

    Vulnerability from nvd – Published: 2024-02-13 19:31 – Updated: 2025-05-07 21:10
    VLAI
    Summary
    Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T19:17:11.969537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T21:10:03.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 3000 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 7002 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC(TM) Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:33.392Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20587",
        "datePublished": "2024-02-13T19:31:22.706Z",
        "dateReserved": "2022-10-27T18:53:39.759Z",
        "dateUpdated": "2025-05-07T21:10:03.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20573 (GCVE-0-2023-20573)

    Vulnerability from nvd – Published: 2024-01-11 13:53 – Updated: 2025-06-20 16:12
    VLAI
    Title
    Debug Exception Delivery in Secure Nested Paging
    Summary
    A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    AMD
    References
    Date Public
    2024-01-09 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.2,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T20:36:55.598699Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T16:12:15.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            }
          ],
          "datePublic": "2024-01-09T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
                }
              ],
              "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T13:53:52.581Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3004",
            "discovery": "UNKNOWN"
          },
          "title": "Debug Exception Delivery in Secure Nested Paging",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20573",
        "datePublished": "2024-01-11T13:53:52.581Z",
        "dateReserved": "2022-10-27T18:53:39.755Z",
        "dateUpdated": "2025-06-20T16:12:15.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20592 (GCVE-0-2023-20592)

    Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-10-11 18:07
    VLAI
    Summary
    Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:51.383280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T18:07:49.421Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:54:13.255Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3005",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20592",
        "datePublished": "2023-11-14T18:54:13.255Z",
        "dateReserved": "2022-10-27T18:53:39.762Z",
        "dateUpdated": "2024-10-11T18:07:49.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20566 (GCVE-0-2023-20566)

    Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
    VLAI
    Summary
    Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T20:58:09.078592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:26:45.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:36:52.542Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20566",
        "datePublished": "2023-11-14T18:54:00.908Z",
        "dateReserved": "2022-10-27T18:53:39.753Z",
        "dateUpdated": "2024-12-03T14:26:45.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20533 (GCVE-0-2023-20533)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.915Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122  Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122  Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122  Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:34:28.851Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20533",
        "datePublished": "2023-11-14T18:52:52.106Z",
        "dateReserved": "2022-10-27T18:53:39.739Z",
        "dateUpdated": "2024-08-02T09:05:36.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20526 (GCVE-0-2023-20526)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.942Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122  Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122  Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122  Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:43:52.998Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20526",
        "datePublished": "2023-11-14T18:52:41.992Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2024-08-02T09:05:36.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20521 (GCVE-0-2023-20521)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax” Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T19:38:18.334372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T14:56:31.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:42:56.250Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20521",
        "datePublished": "2023-11-14T18:52:31.662Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2024-08-02T09:05:36.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20519 (GCVE-0-2023-20519)

    Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-30 18:03
    VLAI
    Summary
    A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-30T18:03:44.986937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-30T18:03:55.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest\u0027s migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest\u0027s migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:53:36.329Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20519",
        "datePublished": "2023-11-14T18:53:36.329Z",
        "dateReserved": "2022-10-27T18:53:39.736Z",
        "dateUpdated": "2024-08-30T18:03:55.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23830 (GCVE-0-2022-23830)

    Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:45.987Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPY\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:41:52.383Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23830",
        "datePublished": "2023-11-14T18:53:28.408Z",
        "dateReserved": "2022-01-21T17:20:55.781Z",
        "dateUpdated": "2024-08-03T03:51:45.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23820 (GCVE-0-2022-23820)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51
    VLAI
    Summary
    Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 series Desktop Processors “Matisse" Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax” Affected: Various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt" Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R” Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo” Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics  \u201cBarcelo\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:28:41.324Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23820",
        "datePublished": "2023-11-14T18:52:21.457Z",
        "dateReserved": "2022-01-21T17:20:55.778Z",
        "dateUpdated": "2024-08-03T03:51:46.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46774 (GCVE-0-2021-46774)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
    VLAI
    Summary
    Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:52.542045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T18:07:59.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122  Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:31:43.449Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46774",
        "datePublished": "2023-11-14T18:52:11.012Z",
        "dateReserved": "2022-03-31T16:50:27.874Z",
        "dateUpdated": "2024-10-11T18:07:59.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26345 (GCVE-0-2021-26345)

    Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-03 20:26
    VLAI
    Summary
    Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:38:22.990Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002, AMD-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26345",
        "datePublished": "2023-11-14T18:53:20.979Z",
        "dateReserved": "2021-01-29T21:24:26.145Z",
        "dateUpdated": "2024-08-03T20:26:24.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31315 (GCVE-0-2023-31315)

    Vulnerability from cvelistv5 – Published: 2024-08-09 17:08 – Updated: 2024-09-12 12:56
    VLAI
    Summary
    Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < Milan PI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various , < Naples PI 1.0.0.M (Platform Initialization)
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various , < Rome PI 1.0.0.J (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Unaffected: various , < Genoa PI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Unaffected: various , < EmbGenoaPI 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various , < CastlePeakPI-SP3r3 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors Affected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Unaffected: various , < CastlePeakWSPI-sWRX8 1.0.0.D (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < Picasso-FP5 1.0.1.2 (PI)
    Unaffected: various , < PollockPI-FT5 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various , < Picasso-FP5 1.0.1.2 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < RenoirPI-FP6 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < CezannePI-FP6 1.0.1.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Affected: various , < CezannePI-FP6 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < PhoenixPI-FP8-FP7 1.1.0.3 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: various , < DragonRangeFL1 1.0.0.3e (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various , < MendocinoPI-FT6 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics Unaffected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    amd 1st_gen_amd_epyc_processors Affected: 0 , < naples.pi.1.0.0.m (custom)
        cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 3rd_gen_amd_epyc_processors Affected: 0 , < milan.pi.1.0.0.d (custom)
        cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 2nd_gen_amd_epyc_processors Affected: 0 , < rome.pi.1.0.0.j (custom)
        cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: various
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 4th_gen_amd_epyc_processors Affected: 0 , < genoa_pi_1.0.0.c (custom)
        cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_3000 Affected: various
        cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7002 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7003 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_9003 Unaffected: 0 , < emgenoa.pi.1.0.0.7 (custom)
    Affected: various
        cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_7000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_5000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v3000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7040_series_mobile_processors_with_radeon_graphics Unaffected: various , < phoenixpi-fp8-fp7.1.1.0.3 (python)
        cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors_with_radeon_graphics Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_desktop_processors Affected: 0 , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 0 , < comboam4v2pi.1.2.0.cb (python)
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_3000_series_processors Affected: 0 , < castlepeakpl-sp3r3.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
    Affected: various , < castlepeakwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3000wx_series_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000_series_mobile_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
    Affected: various , < pollockpi-ft5.1.0.0.8 (python)
        cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_mobile_processors_with_radeon_graphics Unaffected: various , < renoirpi-fp6.1.0.0.e (python)
        cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_mobile_processors_with_radeon_graphics Unaffected: various , < cezannepi-fp6.1.0.1.1 (python)
        cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7030_series-mobile_processors_with_radeon_graphics Affected: various , < cezannepi-fp6 (python)
        cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7045_series_mobile_processors Unaffected: various , < dragonrangefl1.1.0.0.3e (python)
        cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6000_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7020_processors_with_radeongraphics Affected: various , < mendocinopi-ft6.1.0.0.7 (python)
        cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7035_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_8000_series_processors_with_radeongraphics Unaffected: various , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-09 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:56:32.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
              },
              {
                "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
              },
              {
                "url": "https://news.ycombinator.com/item?id=41475975"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "1st_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "naples.pi.1.0.0.m",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "3rd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milan.pi.1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "2nd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rome.pi.1.0.0.j",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "4th_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoa_pi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7002",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7003",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_9003",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "emgenoa.pi.1.0.0.7",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_7000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_5000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_3000_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_3000wx_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "pollockpi-ft5.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6.1.0.0.e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6.1.0.1.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7045_series_mobile_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1.1.0.0.3e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6000_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7020_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "mendocinopi-ft6.1.0.0.7",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7035_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_8000_series_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T17:29:59.373286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T14:54:02.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Milan PI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Naples PI 1.0.0.M",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Rome PI 1.0.0.J",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Genoa PI 1.0.0.C",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI 1.0.0.7",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "PollockPI-FT5 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RenoirPI-FP6 1.0.0.E",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6 1.0.1.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "DragonRangeFL1 1.0.0.3e",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MendocinoPI-FT6 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            }
          ],
          "datePublic": "2024-08-09T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T15:37:24.501Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31315",
        "datePublished": "2024-08-09T17:08:24.237Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-09-12T12:56:32.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21980 (GCVE-0-2024-21980)

    Vulnerability from cvelistv5 – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T20:52:33.557459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:00:57.665Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:06:36.216Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21980",
        "datePublished": "2024-08-05T16:06:36.216Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T21:00:57.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21978 (GCVE-0-2024-21978)

    Vulnerability from cvelistv5 – Published: 2024-08-05 16:05 – Updated: 2024-08-05 17:36
    VLAI
    Summary
    Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:01:18.171419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:36:02.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:05:34.019Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21978",
        "datePublished": "2024-08-05T16:05:34.019Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T17:36:02.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31355 (GCVE-0-2023-31355)

    Vulnerability from cvelistv5 – Published: 2024-08-05 16:04 – Updated: 2024-08-06 14:58
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31355",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T14:07:12.426239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:58:40.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:04:24.813Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31355",
        "datePublished": "2024-08-05T16:04:24.813Z",
        "dateReserved": "2023-04-27T15:25:41.428Z",
        "dateUpdated": "2024-08-06T14:58:40.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23829 (GCVE-0-2022-23829)

    Vulnerability from cvelistv5 – Published: 2024-06-18 19:01 – Updated: 2024-08-29 20:40
    VLAI
    Summary
    A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Mobile Processors and Workstations Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processor Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC (TM) Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V3000 Affected: various
    Create a notification for this product.
    amd ryzen_threadripper_pro_5995wx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6980hx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 18:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_5995wx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6980hx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23829",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:32:15.481387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:40:26.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC (TM) Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-06-11T18:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T19:01:57.007Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23829",
        "datePublished": "2024-06-18T19:01:24.315Z",
        "dateReserved": "2022-01-21T17:20:55.781Z",
        "dateUpdated": "2024-08-29T20:40:26.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20587 (GCVE-0-2023-20587)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:31 – Updated: 2025-05-07 21:10
    VLAI
    Summary
    Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T19:17:11.969537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T21:10:03.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 3000 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 7002 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC(TM) Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:33.392Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20587",
        "datePublished": "2024-02-13T19:31:22.706Z",
        "dateReserved": "2022-10-27T18:53:39.759Z",
        "dateUpdated": "2025-05-07T21:10:03.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31347 (GCVE-0-2023-31347)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:18 – Updated: 2025-03-17 17:46
    VLAI
    Summary
    Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Date Public
    2024-02-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:31.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31347",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T19:50:42.676211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T17:46:05.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u0026nbsp;\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:51.045Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31347",
        "datePublished": "2024-02-13T19:18:51.045Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-17T17:46:05.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31346 (GCVE-0-2023-31346)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:18 – Updated: 2025-03-20 20:27
    VLAI
    Summary
    Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T20:06:47.743045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:27:50.012Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:21.462Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31346",
        "datePublished": "2024-02-13T19:18:19.089Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-20T20:27:50.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20573 (GCVE-0-2023-20573)

    Vulnerability from cvelistv5 – Published: 2024-01-11 13:53 – Updated: 2025-06-20 16:12
    VLAI
    Title
    Debug Exception Delivery in Secure Nested Paging
    Summary
    A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    AMD
    References
    Date Public
    2024-01-09 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.2,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T20:36:55.598699Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T16:12:15.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            }
          ],
          "datePublic": "2024-01-09T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
                }
              ],
              "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T13:53:52.581Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3004",
            "discovery": "UNKNOWN"
          },
          "title": "Debug Exception Delivery in Secure Nested Paging",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20573",
        "datePublished": "2024-01-11T13:53:52.581Z",
        "dateReserved": "2022-10-27T18:53:39.755Z",
        "dateUpdated": "2025-06-20T16:12:15.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20592 (GCVE-0-2023-20592)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-10-11 18:07
    VLAI
    Summary
    Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:51.383280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T18:07:49.421Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:54:13.255Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3005"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3005",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20592",
        "datePublished": "2023-11-14T18:54:13.255Z",
        "dateReserved": "2022-10-27T18:53:39.762Z",
        "dateUpdated": "2024-10-11T18:07:49.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20566 (GCVE-0-2023-20566)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
    VLAI
    Summary
    Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T20:58:09.078592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:26:45.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:36:52.542Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20566",
        "datePublished": "2023-11-14T18:54:00.908Z",
        "dateReserved": "2022-10-27T18:53:39.753Z",
        "dateUpdated": "2024-12-03T14:26:45.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }