Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for 4th Gen AMD EPYC™ Processors by AMD

    CVE-2023-31315 (GCVE-0-2023-31315)

    Vulnerability from nvd – Published: 2024-08-09 17:08 – Updated: 2024-09-12 12:56
    VLAI
    Summary
    Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < Milan PI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various , < Naples PI 1.0.0.M (Platform Initialization)
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various , < Rome PI 1.0.0.J (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Unaffected: various , < Genoa PI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Unaffected: various , < EmbGenoaPI 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various , < CastlePeakPI-SP3r3 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors Affected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Unaffected: various , < CastlePeakWSPI-sWRX8 1.0.0.D (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < Picasso-FP5 1.0.1.2 (PI)
    Unaffected: various , < PollockPI-FT5 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various , < Picasso-FP5 1.0.1.2 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < RenoirPI-FP6 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < CezannePI-FP6 1.0.1.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Affected: various , < CezannePI-FP6 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < PhoenixPI-FP8-FP7 1.1.0.3 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: various , < DragonRangeFL1 1.0.0.3e (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various , < MendocinoPI-FT6 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics Unaffected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    amd 1st_gen_amd_epyc_processors Affected: 0 , < naples.pi.1.0.0.m (custom)
        cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 3rd_gen_amd_epyc_processors Affected: 0 , < milan.pi.1.0.0.d (custom)
        cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 2nd_gen_amd_epyc_processors Affected: 0 , < rome.pi.1.0.0.j (custom)
        cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: various
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 4th_gen_amd_epyc_processors Affected: 0 , < genoa_pi_1.0.0.c (custom)
        cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_3000 Affected: various
        cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7002 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7003 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_9003 Unaffected: 0 , < emgenoa.pi.1.0.0.7 (custom)
    Affected: various
        cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_7000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_5000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v3000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7040_series_mobile_processors_with_radeon_graphics Unaffected: various , < phoenixpi-fp8-fp7.1.1.0.3 (python)
        cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors_with_radeon_graphics Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_desktop_processors Affected: 0 , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 0 , < comboam4v2pi.1.2.0.cb (python)
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_3000_series_processors Affected: 0 , < castlepeakpl-sp3r3.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
    Affected: various , < castlepeakwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3000wx_series_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000_series_mobile_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
    Affected: various , < pollockpi-ft5.1.0.0.8 (python)
        cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_mobile_processors_with_radeon_graphics Unaffected: various , < renoirpi-fp6.1.0.0.e (python)
        cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_mobile_processors_with_radeon_graphics Unaffected: various , < cezannepi-fp6.1.0.1.1 (python)
        cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7030_series-mobile_processors_with_radeon_graphics Affected: various , < cezannepi-fp6 (python)
        cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7045_series_mobile_processors Unaffected: various , < dragonrangefl1.1.0.0.3e (python)
        cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6000_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7020_processors_with_radeongraphics Affected: various , < mendocinopi-ft6.1.0.0.7 (python)
        cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7035_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_8000_series_processors_with_radeongraphics Unaffected: various , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-09 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:56:32.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
              },
              {
                "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
              },
              {
                "url": "https://news.ycombinator.com/item?id=41475975"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "1st_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "naples.pi.1.0.0.m",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "3rd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milan.pi.1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "2nd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rome.pi.1.0.0.j",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "4th_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoa_pi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7002",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7003",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_9003",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "emgenoa.pi.1.0.0.7",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_7000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_5000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_3000_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_3000wx_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "pollockpi-ft5.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6.1.0.0.e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6.1.0.1.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7045_series_mobile_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1.1.0.0.3e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6000_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7020_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "mendocinopi-ft6.1.0.0.7",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7035_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_8000_series_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T17:29:59.373286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T14:54:02.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Milan PI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Naples PI 1.0.0.M",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Rome PI 1.0.0.J",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Genoa PI 1.0.0.C",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI 1.0.0.7",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "PollockPI-FT5 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RenoirPI-FP6 1.0.0.E",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6 1.0.1.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "DragonRangeFL1 1.0.0.3e",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MendocinoPI-FT6 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            }
          ],
          "datePublic": "2024-08-09T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T15:37:24.501Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31315",
        "datePublished": "2024-08-09T17:08:24.237Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-09-12T12:56:32.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21980 (GCVE-0-2024-21980)

    Vulnerability from nvd – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T20:52:33.557459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:00:57.665Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:06:36.216Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21980",
        "datePublished": "2024-08-05T16:06:36.216Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T21:00:57.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21978 (GCVE-0-2024-21978)

    Vulnerability from nvd – Published: 2024-08-05 16:05 – Updated: 2024-08-05 17:36
    VLAI
    Summary
    Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:01:18.171419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:36:02.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:05:34.019Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21978",
        "datePublished": "2024-08-05T16:05:34.019Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T17:36:02.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31355 (GCVE-0-2023-31355)

    Vulnerability from nvd – Published: 2024-08-05 16:04 – Updated: 2024-08-06 14:58
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31355",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T14:07:12.426239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:58:40.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:04:24.813Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31355",
        "datePublished": "2024-08-05T16:04:24.813Z",
        "dateReserved": "2023-04-27T15:25:41.428Z",
        "dateUpdated": "2024-08-06T14:58:40.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31347 (GCVE-0-2023-31347)

    Vulnerability from nvd – Published: 2024-02-13 19:18 – Updated: 2025-03-17 17:46
    VLAI
    Summary
    Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Date Public
    2024-02-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:31.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31347",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T19:50:42.676211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T17:46:05.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u0026nbsp;\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:51.045Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31347",
        "datePublished": "2024-02-13T19:18:51.045Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-17T17:46:05.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31346 (GCVE-0-2023-31346)

    Vulnerability from nvd – Published: 2024-02-13 19:18 – Updated: 2025-03-20 20:27
    VLAI
    Summary
    Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T20:06:47.743045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:27:50.012Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:21.462Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31346",
        "datePublished": "2024-02-13T19:18:19.089Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-20T20:27:50.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20587 (GCVE-0-2023-20587)

    Vulnerability from nvd – Published: 2024-02-13 19:31 – Updated: 2025-05-07 21:10
    VLAI
    Summary
    Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T19:17:11.969537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T21:10:03.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 3000 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 7002 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC(TM) Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:33.392Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20587",
        "datePublished": "2024-02-13T19:31:22.706Z",
        "dateReserved": "2022-10-27T18:53:39.759Z",
        "dateUpdated": "2025-05-07T21:10:03.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20573 (GCVE-0-2023-20573)

    Vulnerability from nvd – Published: 2024-01-11 13:53 – Updated: 2025-06-20 16:12
    VLAI
    Title
    Debug Exception Delivery in Secure Nested Paging
    Summary
    A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    AMD
    References
    Date Public
    2024-01-09 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.2,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T20:36:55.598699Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T16:12:15.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            }
          ],
          "datePublic": "2024-01-09T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
                }
              ],
              "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T13:53:52.581Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3004",
            "discovery": "UNKNOWN"
          },
          "title": "Debug Exception Delivery in Secure Nested Paging",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20573",
        "datePublished": "2024-01-11T13:53:52.581Z",
        "dateReserved": "2022-10-27T18:53:39.755Z",
        "dateUpdated": "2025-06-20T16:12:15.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20566 (GCVE-0-2023-20566)

    Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
    VLAI
    Summary
    Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T20:58:09.078592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:26:45.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:36:52.542Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20566",
        "datePublished": "2023-11-14T18:54:00.908Z",
        "dateReserved": "2022-10-27T18:53:39.753Z",
        "dateUpdated": "2024-12-03T14:26:45.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20519 (GCVE-0-2023-20519)

    Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-30 18:03
    VLAI
    Summary
    A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-30T18:03:44.986937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-30T18:03:55.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest\u0027s migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest\u0027s migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:53:36.329Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20519",
        "datePublished": "2023-11-14T18:53:36.329Z",
        "dateReserved": "2022-10-27T18:53:39.736Z",
        "dateUpdated": "2024-08-30T18:03:55.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46774 (GCVE-0-2021-46774)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
    VLAI
    Summary
    Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:52.542045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T18:07:59.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122  Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:31:43.449Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46774",
        "datePublished": "2023-11-14T18:52:11.012Z",
        "dateReserved": "2022-03-31T16:50:27.874Z",
        "dateUpdated": "2024-10-11T18:07:59.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46766 (GCVE-0-2021-46766)

    Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2024-08-04 05:17
    VLAI
    Summary
    Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:40:54.027Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46766",
        "datePublished": "2023-11-14T18:51:58.036Z",
        "dateReserved": "2022-03-31T16:50:27.871Z",
        "dateUpdated": "2024-08-04T05:17:42.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26345 (GCVE-0-2021-26345)

    Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-03 20:26
    VLAI
    Summary
    Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:38:22.990Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002, AMD-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26345",
        "datePublished": "2023-11-14T18:53:20.979Z",
        "dateReserved": "2021-01-29T21:24:26.145Z",
        "dateUpdated": "2024-08-03T20:26:24.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20575 (GCVE-0-2023-20575)

    Vulnerability from nvd – Published: 2023-07-11 18:29 – Updated: 2024-11-27 16:01
    VLAI
    Summary
    A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Date Public
    2023-07-11 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20575",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T15:57:15.725721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T16:01:14.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program\u2019s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\nA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program\u2019s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T18:29:02.607Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3004",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20575",
        "datePublished": "2023-07-11T18:29:02.607Z",
        "dateReserved": "2022-10-27T18:53:39.756Z",
        "dateUpdated": "2024-11-27T16:01:14.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31315 (GCVE-0-2023-31315)

    Vulnerability from cvelistv5 – Published: 2024-08-09 17:08 – Updated: 2024-09-12 12:56
    VLAI
    Summary
    Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < Milan PI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various , < Naples PI 1.0.0.M (Platform Initialization)
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various , < Rome PI 1.0.0.J (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Unaffected: various , < Genoa PI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Unaffected: various , < EmbGenoaPI 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various , < CastlePeakPI-SP3r3 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors Affected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Unaffected: various , < CastlePeakWSPI-sWRX8 1.0.0.D (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < Picasso-FP5 1.0.1.2 (PI)
    Unaffected: various , < PollockPI-FT5 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various , < Picasso-FP5 1.0.1.2 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < RenoirPI-FP6 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < CezannePI-FP6 1.0.1.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Affected: various , < CezannePI-FP6 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < PhoenixPI-FP8-FP7 1.1.0.3 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: various , < DragonRangeFL1 1.0.0.3e (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various , < MendocinoPI-FT6 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics Unaffected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    amd 1st_gen_amd_epyc_processors Affected: 0 , < naples.pi.1.0.0.m (custom)
        cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 3rd_gen_amd_epyc_processors Affected: 0 , < milan.pi.1.0.0.d (custom)
        cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 2nd_gen_amd_epyc_processors Affected: 0 , < rome.pi.1.0.0.j (custom)
        cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: various
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 4th_gen_amd_epyc_processors Affected: 0 , < genoa_pi_1.0.0.c (custom)
        cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_3000 Affected: various
        cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7002 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7003 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_9003 Unaffected: 0 , < emgenoa.pi.1.0.0.7 (custom)
    Affected: various
        cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_7000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_5000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v3000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7040_series_mobile_processors_with_radeon_graphics Unaffected: various , < phoenixpi-fp8-fp7.1.1.0.3 (python)
        cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors_with_radeon_graphics Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_desktop_processors Affected: 0 , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 0 , < comboam4v2pi.1.2.0.cb (python)
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_3000_series_processors Affected: 0 , < castlepeakpl-sp3r3.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
    Affected: various , < castlepeakwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3000wx_series_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000_series_mobile_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
    Affected: various , < pollockpi-ft5.1.0.0.8 (python)
        cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_mobile_processors_with_radeon_graphics Unaffected: various , < renoirpi-fp6.1.0.0.e (python)
        cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_mobile_processors_with_radeon_graphics Unaffected: various , < cezannepi-fp6.1.0.1.1 (python)
        cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7030_series-mobile_processors_with_radeon_graphics Affected: various , < cezannepi-fp6 (python)
        cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7045_series_mobile_processors Unaffected: various , < dragonrangefl1.1.0.0.3e (python)
        cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6000_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7020_processors_with_radeongraphics Affected: various , < mendocinopi-ft6.1.0.0.7 (python)
        cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7035_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_8000_series_processors_with_radeongraphics Unaffected: various , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-09 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:56:32.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
              },
              {
                "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
              },
              {
                "url": "https://news.ycombinator.com/item?id=41475975"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "1st_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "naples.pi.1.0.0.m",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "3rd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milan.pi.1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "2nd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rome.pi.1.0.0.j",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "4th_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoa_pi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7002",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7003",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_9003",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "emgenoa.pi.1.0.0.7",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_7000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_5000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_3000_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_3000wx_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "pollockpi-ft5.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6.1.0.0.e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6.1.0.1.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7045_series_mobile_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1.1.0.0.3e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6000_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7020_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "mendocinopi-ft6.1.0.0.7",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7035_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_8000_series_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T17:29:59.373286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T14:54:02.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Milan PI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Naples PI 1.0.0.M",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Rome PI 1.0.0.J",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Genoa PI 1.0.0.C",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI 1.0.0.7",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "PollockPI-FT5 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RenoirPI-FP6 1.0.0.E",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6 1.0.1.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "DragonRangeFL1 1.0.0.3e",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MendocinoPI-FT6 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            }
          ],
          "datePublic": "2024-08-09T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T15:37:24.501Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31315",
        "datePublished": "2024-08-09T17:08:24.237Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-09-12T12:56:32.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21980 (GCVE-0-2024-21980)

    Vulnerability from cvelistv5 – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T20:52:33.557459Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:00:57.665Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:06:36.216Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21980",
        "datePublished": "2024-08-05T16:06:36.216Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T21:00:57.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21978 (GCVE-0-2024-21978)

    Vulnerability from cvelistv5 – Published: 2024-08-05 16:05 – Updated: 2024-08-05 17:36
    VLAI
    Summary
    Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.9_sp3 (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.7_sp5 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.d (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.c (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.9_sp3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.7_sp5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:01:18.171419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:36:02.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:05:34.019Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21978",
        "datePublished": "2024-08-05T16:05:34.019Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-05T17:36:02.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31355 (GCVE-0-2023-31355)

    Vulnerability from cvelistv5 – Published: 2024-08-05 16:04 – Updated: 2024-08-06 14:58
    VLAI
    Summary
    Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < MilanPI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Affected: various , < GenoaPI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various , < EmbMilanPI-SP3 1.0.0.9 (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Affected: various , < EmbGenoaPI-SP5 1.0.0.7 (Platform Initialization)
    Create a notification for this product.
    Date Public
    2024-08-05 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31355",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T14:07:12.426239Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:58:40.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MilanPI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "GenoaPI 1.0.0.C",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbMilanPI-SP3 1.0.0.9",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI-SP5 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            }
          ],
          "datePublic": "2024-08-05T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-05T16:04:24.813Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31355",
        "datePublished": "2024-08-05T16:04:24.813Z",
        "dateReserved": "2023-04-27T15:25:41.428Z",
        "dateUpdated": "2024-08-06T14:58:40.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20587 (GCVE-0-2023-20587)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:31 – Updated: 2025-05-07 21:10
    VLAI
    Summary
    Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.265Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20587",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T19:17:11.969537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T21:10:03.008Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 3000 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 7002 ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC(TM) Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD EPYC(TM) Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in System Management Mode (SMM) may allow an attacker access to\nthe SPI flash potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:33.392Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20587",
        "datePublished": "2024-02-13T19:31:22.706Z",
        "dateReserved": "2022-10-27T18:53:39.759Z",
        "dateUpdated": "2025-05-07T21:10:03.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31347 (GCVE-0-2023-31347)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:18 – Updated: 2025-03-17 17:46
    VLAI
    Summary
    Due to a code bug in Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled potentially resulting in a loss of guest integrity.  
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Date Public
    2024-02-14 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:31.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31347",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T19:50:42.676211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-682",
                    "description": "CWE-682 Incorrect Calculation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T17:46:05.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-14T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u0026nbsp;\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:51.045Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31347",
        "datePublished": "2024-02-13T19:18:51.045Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-17T17:46:05.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31346 (GCVE-0-2023-31346)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:18 – Updated: 2025-03-20 20:27
    VLAI
    Summary
    Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T20:06:47.743045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T20:27:50.012Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:53:30.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:18:21.462Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31346",
        "datePublished": "2024-02-13T19:18:19.089Z",
        "dateReserved": "2023-04-27T15:25:41.427Z",
        "dateUpdated": "2025-03-20T20:27:50.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20573 (GCVE-0-2023-20573)

    Vulnerability from cvelistv5 – Published: 2024-01-11 13:53 – Updated: 2025-06-20 16:12
    VLAI
    Title
    Debug Exception Delivery in Secure Nested Paging
    Summary
    A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    AMD
    References
    Date Public
    2024-01-09 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.236Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.2,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T20:36:55.598699Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T16:12:15.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            }
          ],
          "datePublic": "2024-01-09T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
                }
              ],
              "value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-11T13:53:52.581Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3004",
            "discovery": "UNKNOWN"
          },
          "title": "Debug Exception Delivery in Secure Nested Paging",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20573",
        "datePublished": "2024-01-11T13:53:52.581Z",
        "dateReserved": "2022-10-27T18:53:39.755Z",
        "dateUpdated": "2025-06-20T16:12:15.413Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20566 (GCVE-0-2023-20566)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
    VLAI
    Summary
    Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T20:58:09.078592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T14:26:45.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:36:52.542Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20566",
        "datePublished": "2023-11-14T18:54:00.908Z",
        "dateReserved": "2022-10-27T18:53:39.753Z",
        "dateUpdated": "2024-12-03T14:26:45.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20519 (GCVE-0-2023-20519)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:53 – Updated: 2024-08-30 18:03
    VLAI
    Summary
    A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-30T18:03:44.986937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-30T18:03:55.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest\u0027s migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest\u0027s migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-14T18:53:36.329Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20519",
        "datePublished": "2023-11-14T18:53:36.329Z",
        "dateReserved": "2022-10-27T18:53:39.736Z",
        "dateUpdated": "2024-08-30T18:03:55.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26345 (GCVE-0-2021-26345)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:53 – Updated: 2024-08-03 20:26
    VLAI
    Summary
    Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:38:22.990Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3002, AMD-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26345",
        "datePublished": "2023-11-14T18:53:20.979Z",
        "dateReserved": "2021-01-29T21:24:26.145Z",
        "dateUpdated": "2024-08-03T20:26:24.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46774 (GCVE-0-2021-46774)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
    VLAI
    Summary
    Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:51:52.542045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T18:07:59.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122  Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:31:43.449Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46774",
        "datePublished": "2023-11-14T18:52:11.012Z",
        "dateReserved": "2022-03-31T16:50:27.874Z",
        "dateUpdated": "2024-10-11T18:07:59.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46766 (GCVE-0-2021-46766)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2024-08-04 05:17
    VLAI
    Summary
    Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
    Assigner
    AMD
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors  \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:40:54.027Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46766",
        "datePublished": "2023-11-14T18:51:58.036Z",
        "dateReserved": "2022-03-31T16:50:27.871Z",
        "dateUpdated": "2024-08-04T05:17:42.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20575 (GCVE-0-2023-20575)

    Vulnerability from cvelistv5 – Published: 2023-07-11 18:29 – Updated: 2024-11-27 16:01
    VLAI
    Summary
    A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Date Public
    2023-07-11 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20575",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-27T15:57:15.725721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-27T16:01:14.610Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program\u2019s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\nA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program\u2019s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-11T18:29:02.607Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3004"
            }
          ],
          "source": {
            "advisory": "AMD-SB-3004",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20575",
        "datePublished": "2023-07-11T18:29:02.607Z",
        "dateReserved": "2022-10-27T18:53:39.756Z",
        "dateUpdated": "2024-11-27T16:01:14.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }