Search
Find a vulnerability
Search criteria
8 vulnerabilities found for AMD EPYC™ 7002 Processors by AMD
CVE-2024-21925 (GCVE-0-2024-21925)
Vulnerability from nvd – Published: 2025-02-11 20:39 – Updated: 2025-06-27 21:55
VLAI
Summary
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
37 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
Naples PI 1.0.0.N
|
|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
Rome PI 1.0.0.K
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
Genoa PI 1.0.0.D
|
|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
Milan PI 1.0.0.E
|
|
| AMD | AMD Ryzen™ 3000 Series Desktop Processors |
Unaffected:
ComboAM4PI 1.0.0.C
Unaffected: ComboAM4v2PI 1.2.0.D |
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors |
Unaffected:
ComboAM4v2PI 1.2.0.D
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics |
Unaffected:
ComboAM4v2PI 1.2.0.D
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
ComboAM5PI 1.2.0.2b
Unaffected: ComboAM5PI 1.1.0.3b Unaffected: ComboAM5PI 1.0.0.a |
|
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
ComboAM4PI 1.0.0.C
Unaffected: ComboAM4v2PI 1.2.0.D |
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics |
Unaffected:
ComboAM4v2PI 1.2.0.D
|
|
| AMD | AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics |
Unaffected:
ComboAM5PI 1.2.0.2b
Unaffected: ComboAM5PI 1.1.0.3b |
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors |
Unaffected:
CastlePeakPI-SP3r3 1.0.0.D
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
Unaffected:
CastlePeakWSPI-sWRX8 1.0.0.F
Unaffected: ChagallWSPI-sWRX8 1.0.0.9 |
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.9
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
StormPeakPI-SP6 1.1.0.0h
Unaffected: StormPeakPI-SP6 1.0.0.1j |
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.1.2a
Unaffected: PollockPI-FT5 1.0.0.8a |
|
| AMD | AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.1.2a
|
|
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
RenoirPI-FP6 1.0.0.Ea
|
|
| AMD | AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
Unaffected:
CezannePI-FP6 1.0.1.1a
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6 1.0.0.7a
|
|
| AMD | AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.Ba
|
|
| AMD | AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.Ba
|
|
| AMD | AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics |
Unaffected:
PhoenixPI-FP8-FP7 1.1.8.0
|
|
| AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PhoenixPI-FP8-FP7 1.1.8.0
|
|
| AMD | AMD Ryzen™ 7000 Series Mobile Processors |
Unaffected:
DragonRangeFL1PI 1.0.0.3f
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Unaffected:
SnowyOwlPI 1.1.0.E
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Unaffected:
EmbRomePI-SP3 1.0.0.D
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Unaffected:
EmbMilanPI-SP3 1.0.0.A
|
|
| AMD | AMD EPYC™ Embedded 9004 |
Unaffected:
EmbGenoaPI 1.0.0.9
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Unaffected:
EmbAM4PI 1.0.0.7
|
|
| AMD | AMD Ryzen™ Embedded 7000 |
Unaffected:
EmbeddedV2KAPI-FP6 1.0.0.7
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Unaffected:
EmbeddedPI-FP6 1.0.0.B
|
|
| AMD | AMD Ryzen™ Embedded V3000 |
Unaffected:
EmbeddedPI_FP7R2 1.0.0.C
|
|
| AMD | AMD Ryzen™ Embedded 8000 |
Unaffected:
EmbeddedPhoenixPI-FP7r2_1.2.0.0
|
|
| AMD | AMD Ryzen™ Embedded R1000 |
Unaffected:
EmbeddedPI-FP5 1.2.0.F
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Unaffected:
EmbeddedR2KPIFP5 1.0.0.5
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Unaffected:
EmbeddedPI-FP5 1.2.0.F
|
Date Public
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:01:07.683566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:35:34.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Naples PI 1.0.0.N"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rome PI 1.0.0.K"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Genoa PI 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Milan PI 1.0.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.0.0.a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.F"
},
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.1.0.0h"
},
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.0.0.1j"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
},
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.8a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.Ea"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.1.1a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.7a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3f"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwlPI 1.1.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedV2KAPI-FP6 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.B"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI_FP7R2 1.0.0.C"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 8000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPIFP5 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:55:43.707Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21925",
"datePublished": "2025-02-11T20:39:03.746Z",
"dateReserved": "2024-01-03T16:43:09.232Z",
"dateUpdated": "2025-06-27T21:55:43.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21924 (GCVE-0-2024-21924)
Vulnerability from nvd – Published: 2025-02-11 20:18 – Updated: 2025-02-11 20:52
VLAI
Summary
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
Rome PI 1.0.0.K
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.9
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
Unaffected:
CastlePeakWSPI-sWRX8 1.0.0.E
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.9
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
StormPeakPI-SP6 1.1.0.0h
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
StormPeakPI-SP6 1.0.0.1j
|
|
| AMD | AMD EPYC™ Embedded 7002 Processors |
Unaffected:
EmbRomePI-SP3 1.0.0.D
|
Date Public
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T20:52:10.826130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:52:32.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rome PI 1.0.0.K"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.1.0.0h"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.0.0.1j"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.D"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
}
],
"value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:18:50.402Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21924",
"datePublished": "2025-02-11T20:18:50.402Z",
"dateReserved": "2024-01-03T16:43:09.232Z",
"dateUpdated": "2025-02-11T20:52:32.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from nvd – Published: 2024-08-13 16:52 – Updated: 2025-03-18 20:03
VLAI
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
NaplesPI 1.0.0.K
(PI)
|
|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
RomePI 1.0.0.G
|
|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.B
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.2
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
ComboAM5 1.0.0.1
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.7
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6 1.0.0.0
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Unaffected:
SnowyOwl PI 1.1.0.A
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Unaffected:
EmbRomePI-SP3 1.0.0.A
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Unaffected:
EmbMilanPI-SP3 1.0.0.7
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Unaffected:
EmbGenoaPI-SP5 1.0.0.0
|
|
| AMD | AMD Ryzen™ Embedded 7000 |
Unaffected:
EmbeddedAM5PI 1.0.0.0
|
|
| AMD | AMD RyzenTM Embedded V3000 |
Unaffected:
EmbeddedPI-FP7r2 1.0.0.8
|
|
| amd | epyc_7001 |
Unaffected:
1.0.0.k
cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* |
|
| amd | epyc_7002 |
Unaffected:
1.0.0.g
cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:* |
|
| amd | epyc_9004 |
Unaffected:
1.0.0.2
cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_3000 |
Unaffected:
1.1.0.a
cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7002 |
Unaffected:
1.0.0.a
cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7003 |
Unaffected:
1.0.0.7
cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_9003 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_7000 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_v3000 |
Unaffected:
1.0.0.8
cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:* |
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7001",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.k"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.g"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9004",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.1.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_9003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_7000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T15:56:35.845479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:03:43.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:58.457Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20578",
"datePublished": "2024-08-13T16:52:58.457Z",
"dateReserved": "2022-10-27T18:53:39.757Z",
"dateUpdated": "2025-03-18T20:03:43.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46746 (GCVE-0-2021-46746)
Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
VLAI
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing
keys to c006Frrupt the return address, causing a
stack-based buffer overrun, potentially leading to a denial of service.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
35 products
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:06:22.367564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:57:25.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "ComboAM5 1.0.8.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "PollockPI-FT5 1.0.0.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.2"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:50:51.023Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46746",
"datePublished": "2024-08-13T16:50:51.023Z",
"dateReserved": "2022-03-31T16:50:27.864Z",
"dateUpdated": "2024-10-31T13:57:25.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21925 (GCVE-0-2024-21925)
Vulnerability from cvelistv5 – Published: 2025-02-11 20:39 – Updated: 2025-06-27 21:55
VLAI
Summary
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
37 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
Naples PI 1.0.0.N
|
|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
Rome PI 1.0.0.K
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
Genoa PI 1.0.0.D
|
|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
Milan PI 1.0.0.E
|
|
| AMD | AMD Ryzen™ 3000 Series Desktop Processors |
Unaffected:
ComboAM4PI 1.0.0.C
Unaffected: ComboAM4v2PI 1.2.0.D |
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors |
Unaffected:
ComboAM4v2PI 1.2.0.D
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics |
Unaffected:
ComboAM4v2PI 1.2.0.D
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
ComboAM5PI 1.2.0.2b
Unaffected: ComboAM5PI 1.1.0.3b Unaffected: ComboAM5PI 1.0.0.a |
|
| AMD | AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics |
Unaffected:
ComboAM4PI 1.0.0.C
Unaffected: ComboAM4v2PI 1.2.0.D |
|
| AMD | AMD Ryzen™ 4000 Series Desktop Processor with Radeon™ Graphics |
Unaffected:
ComboAM4v2PI 1.2.0.D
|
|
| AMD | AMD Ryzen™ 8000 Series Processor with Radeon™ Graphics |
Unaffected:
ComboAM5PI 1.2.0.2b
Unaffected: ComboAM5PI 1.1.0.3b |
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors |
Unaffected:
CastlePeakPI-SP3r3 1.0.0.D
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
Unaffected:
CastlePeakWSPI-sWRX8 1.0.0.F
Unaffected: ChagallWSPI-sWRX8 1.0.0.9 |
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.9
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
StormPeakPI-SP6 1.1.0.0h
Unaffected: StormPeakPI-SP6 1.0.0.1j |
|
| AMD | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.1.2a
Unaffected: PollockPI-FT5 1.0.0.8a |
|
| AMD | AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics |
Unaffected:
PicassoPI-FP5 1.0.1.2a
|
|
| AMD | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
RenoirPI-FP6 1.0.0.Ea
|
|
| AMD | AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
Unaffected:
CezannePI-FP6 1.0.1.1a
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6 1.0.0.7a
|
|
| AMD | AMD Ryzen™ 6000 Series Processor with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.Ba
|
|
| AMD | AMD Ryzen™ 7035 Series Processor with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.Ba
|
|
| AMD | AMD Ryzen™ 7040 Series Processors with Radeon™ Graphics |
Unaffected:
PhoenixPI-FP8-FP7 1.1.8.0
|
|
| AMD | AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics |
Unaffected:
PhoenixPI-FP8-FP7 1.1.8.0
|
|
| AMD | AMD Ryzen™ 7000 Series Mobile Processors |
Unaffected:
DragonRangeFL1PI 1.0.0.3f
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Unaffected:
SnowyOwlPI 1.1.0.E
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Unaffected:
EmbRomePI-SP3 1.0.0.D
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Unaffected:
EmbMilanPI-SP3 1.0.0.A
|
|
| AMD | AMD EPYC™ Embedded 9004 |
Unaffected:
EmbGenoaPI 1.0.0.9
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Unaffected:
EmbAM4PI 1.0.0.7
|
|
| AMD | AMD Ryzen™ Embedded 7000 |
Unaffected:
EmbeddedV2KAPI-FP6 1.0.0.7
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Unaffected:
EmbeddedPI-FP6 1.0.0.B
|
|
| AMD | AMD Ryzen™ Embedded V3000 |
Unaffected:
EmbeddedPI_FP7R2 1.0.0.C
|
|
| AMD | AMD Ryzen™ Embedded 8000 |
Unaffected:
EmbeddedPhoenixPI-FP7r2_1.2.0.0
|
|
| AMD | AMD Ryzen™ Embedded R1000 |
Unaffected:
EmbeddedPI-FP5 1.2.0.F
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Unaffected:
EmbeddedR2KPIFP5 1.0.0.5
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Unaffected:
EmbeddedPI-FP5 1.2.0.F
|
Date Public
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:01:07.683566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:35:34.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Naples PI 1.0.0.N"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rome PI 1.0.0.K"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Genoa PI 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Milan PI 1.0.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.0.0.a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.F"
},
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.1.0.0h"
},
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.0.0.1j"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
},
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.8a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.Ea"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.1.1a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.7a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3f"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwlPI 1.1.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedV2KAPI-FP6 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.B"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI_FP7R2 1.0.0.C"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 8000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPIFP5 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:55:43.707Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21925",
"datePublished": "2025-02-11T20:39:03.746Z",
"dateReserved": "2024-01-03T16:43:09.232Z",
"dateUpdated": "2025-06-27T21:55:43.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21924 (GCVE-0-2024-21924)
Vulnerability from cvelistv5 – Published: 2025-02-11 20:18 – Updated: 2025-02-11 20:52
VLAI
Summary
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
Rome PI 1.0.0.K
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.9
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
Unaffected:
CastlePeakWSPI-sWRX8 1.0.0.E
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX- Series Desktop Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.9
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
StormPeakPI-SP6 1.1.0.0h
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors |
Unaffected:
StormPeakPI-SP6 1.0.0.1j
|
|
| AMD | AMD EPYC™ Embedded 7002 Processors |
Unaffected:
EmbRomePI-SP3 1.0.0.D
|
Date Public
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T20:52:10.826130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:52:32.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rome PI 1.0.0.K"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.1.0.0h"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.0.0.1j"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.D"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
}
],
"value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T20:18:50.402Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21924",
"datePublished": "2025-02-11T20:18:50.402Z",
"dateReserved": "2024-01-03T16:43:09.232Z",
"dateUpdated": "2025-02-11T20:52:32.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:52 – Updated: 2025-03-18 20:03
VLAI
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
NaplesPI 1.0.0.K
(PI)
|
|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
RomePI 1.0.0.G
|
|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.B
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.2
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
ComboAM5 1.0.0.1
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.7
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6 1.0.0.0
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Unaffected:
SnowyOwl PI 1.1.0.A
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Unaffected:
EmbRomePI-SP3 1.0.0.A
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Unaffected:
EmbMilanPI-SP3 1.0.0.7
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Unaffected:
EmbGenoaPI-SP5 1.0.0.0
|
|
| AMD | AMD Ryzen™ Embedded 7000 |
Unaffected:
EmbeddedAM5PI 1.0.0.0
|
|
| AMD | AMD RyzenTM Embedded V3000 |
Unaffected:
EmbeddedPI-FP7r2 1.0.0.8
|
|
| amd | epyc_7001 |
Unaffected:
1.0.0.k
cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* |
|
| amd | epyc_7002 |
Unaffected:
1.0.0.g
cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:* |
|
| amd | epyc_9004 |
Unaffected:
1.0.0.2
cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_3000 |
Unaffected:
1.1.0.a
cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7002 |
Unaffected:
1.0.0.a
cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7003 |
Unaffected:
1.0.0.7
cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_9003 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_7000 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_v3000 |
Unaffected:
1.0.0.8
cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:* |
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7001",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.k"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.g"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9004",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.1.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_9003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_7000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T15:56:35.845479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:03:43.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:58.457Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20578",
"datePublished": "2024-08-13T16:52:58.457Z",
"dateReserved": "2022-10-27T18:53:39.757Z",
"dateUpdated": "2025-03-18T20:03:43.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46746 (GCVE-0-2021-46746)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
VLAI
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing
keys to c006Frrupt the return address, causing a
stack-based buffer overrun, potentially leading to a denial of service.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
35 products
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:06:22.367564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:57:25.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "ComboAM5 1.0.8.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "PollockPI-FT5 1.0.0.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.2"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:50:51.023Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46746",
"datePublished": "2024-08-13T16:50:51.023Z",
"dateReserved": "2022-03-31T16:50:27.864Z",
"dateUpdated": "2024-10-31T13:57:25.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}