Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities found for AMD EPYC™ 9004 Processors by AMD
CVE-2023-31345 (GCVE-0-2023-31345)
Vulnerability from nvd – Published: 2025-02-11 23:49 – Updated: 2026-02-26 19:08
VLAI?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T03:55:32.067831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:50.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "MilanPI 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MI300API 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Pollock-FT5 1.0.0.7\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Picasso-FP5 1.0.1.1\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"RenoirPI-FP6 1.0.0.D\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Cezanne-FP6 1.0.1.0\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"MendocinoPI-FT6 1.0.0.6\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"DragonRangeFL1PI 1.0.0.3C\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbMilanPI-SP3 1.0.0.8\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbAM4PI 1.0.0.5\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbeddedPI-FP6 1.0.0.9\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Embedded-PI FP7r2 1.0.0.9\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1274",
"description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:25:15.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31345",
"datePublished": "2025-02-11T23:49:05.388Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2026-02-26T19:08:50.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31352 (GCVE-0-2023-31352)
Vulnerability from nvd – Published: 2025-02-11 22:44 – Updated: 2025-02-12 15:34
VLAI?
Summary
A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.
Severity ?
6 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:34:35.335247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:34:40.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.C"
},
{
"status": "unaffected",
"version": "SEV FW1.55.36"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
}
],
"value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T23:34:42.830Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31352",
"datePublished": "2025-02-11T22:44:28.001Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2025-02-12T15:34:40.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31343 (GCVE-0-2023-31343)
Vulnerability from nvd – Published: 2025-02-11 22:35 – Updated: 2025-09-23 21:39
VLAI?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:34:57.941103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:35:05.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MI300API 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Pollock-FT5 1.0.0.7\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Picasso-FP5 1.0.1.1\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"RenoirPI-FP6 1.0.0.D\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Cezanne-FP6 1.0.1.0\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"MendocinoPI-FT6 1.0.0.6\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"DragonRangeFL1PI 1.0.0.3C\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbMilanPI-SP3 1.0.0.8\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbeddedPI-FP5 1.2.0.C\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "\"EmbeddedR2KPI-FP5 1.0.0.3\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbAM4PI 1.0.0.5\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbeddedPI-FP6 1.0.0.9\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Embedded-PI FP7r2 1.0.0.9\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:39:19.127Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31343",
"datePublished": "2025-02-11T22:35:04.110Z",
"dateReserved": "2023-04-27T15:25:41.426Z",
"dateUpdated": "2025-09-23T21:39:19.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31342 (GCVE-0-2023-31342)
Vulnerability from nvd – Published: 2025-02-11 22:24 – Updated: 2026-02-26 19:08
VLAI?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T03:55:33.409726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:51.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MI300API 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Pollock-FT5 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Picasso-FP5 1.0.1.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6 1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI FP7r2 1.0.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:23:17.849Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31342",
"datePublished": "2025-02-11T22:24:02.153Z",
"dateReserved": "2023-04-27T15:25:41.425Z",
"dateUpdated": "2026-02-26T19:08:51.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20582 (GCVE-0-2023-20582)
Vulnerability from nvd – Published: 2025-02-11 21:35 – Updated: 2025-02-12 15:56
VLAI?
Summary
Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
Severity ?
5.3 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:56:12.794718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:56:22.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.C"
},
{
"status": "unaffected",
"version": "SEV FW1.55.36"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
}
],
"value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:35:15.949Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20582",
"datePublished": "2025-02-11T21:35:15.949Z",
"dateReserved": "2022-10-27T18:53:39.758Z",
"dateUpdated": "2025-02-12T15:56:22.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20581 (GCVE-0-2023-20581)
Vulnerability from nvd – Published: 2025-02-11 21:26 – Updated: 2025-02-12 15:34
VLAI?
Summary
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:03:14.654952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:34:49.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.C"
},
{
"status": "unaffected",
"version": "SEV FW1.55.36"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
}
],
"value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:35:31.536Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20581",
"datePublished": "2025-02-11T21:26:11.128Z",
"dateReserved": "2022-10-27T18:53:39.758Z",
"dateUpdated": "2025-02-12T15:34:49.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21925 (GCVE-0-2024-21925)
Vulnerability from nvd – Published: 2025-02-11 20:39 – Updated: 2025-06-27 21:55
VLAI?
Summary
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
Severity ?
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
Naples PI 1.0.0.N
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:01:07.683566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:35:34.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Naples PI 1.0.0.N"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rome PI 1.0.0.K"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Genoa PI 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Milan PI 1.0.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.0.0.a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.F"
},
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.1.0.0h"
},
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.0.0.1j"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
},
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.8a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.Ea"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.1.1a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.7a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3f"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwlPI 1.1.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedV2KAPI-FP6 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.B"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI_FP7R2 1.0.0.C"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 8000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPIFP5 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:55:43.707Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21925",
"datePublished": "2025-02-11T20:39:03.746Z",
"dateReserved": "2024-01-03T16:43:09.232Z",
"dateUpdated": "2025-06-27T21:55:43.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31356 (GCVE-0-2023-31356)
Vulnerability from nvd – Published: 2024-08-13 16:54 – Updated: 2025-02-11 22:48
VLAI?
Summary
Incomplete system memory cleanup in SEV firmware could
allow a privileged attacker to corrupt guest private memory, potentially
resulting in a loss of data integrity.
Severity ?
4.4 (Medium)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
(PI)
|
|||||||||||||||||
|
|||||||||||||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T15:46:30.501050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:53:56.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbMilanPI-SP3 1.0.0.8\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Incomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T22:48:16.160Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31356",
"datePublished": "2024-08-13T16:54:23.979Z",
"dateReserved": "2023-04-27T15:25:41.428Z",
"dateUpdated": "2025-02-11T22:48:16.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20584 (GCVE-0-2023-20584)
Vulnerability from nvd – Published: 2024-08-13 16:53 – Updated: 2024-11-05 21:40
VLAI?
Summary
IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.
Severity ?
5.3 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
(PI)
|
|||||||
|
|||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:31:27.946120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:40:37.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised \u003ca target=\"_blank\" rel=\"nofollow\"\u003eHypervisor \u003c/a\u003eto\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:53:18.373Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20584",
"datePublished": "2024-08-13T16:53:18.373Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-11-05T21:40:37.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from nvd – Published: 2024-08-13 16:52 – Updated: 2025-03-18 20:03
VLAI?
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
NaplesPI 1.0.0.K
(PI)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7001",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.k"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.g"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9004",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.1.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_9003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_7000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T15:56:35.845479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:03:43.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:58.457Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20578",
"datePublished": "2024-08-13T16:52:58.457Z",
"dateReserved": "2022-10-27T18:53:39.757Z",
"dateUpdated": "2025-03-18T20:03:43.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46746 (GCVE-0-2021-46746)
Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
VLAI?
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing
keys to c006Frrupt the return address, causing a
stack-based buffer overrun, potentially leading to a denial of service.
Severity ?
5.2 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Affected:
various
(PI)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:06:22.367564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:57:25.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "ComboAM5 1.0.8.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "PollockPI-FT5 1.0.0.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.2"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:50:51.023Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46746",
"datePublished": "2024-08-13T16:50:51.023Z",
"dateReserved": "2022-03-31T16:50:27.864Z",
"dateUpdated": "2024-10-31T13:57:25.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31345 (GCVE-0-2023-31345)
Vulnerability from cvelistv5 – Published: 2025-02-11 23:49 – Updated: 2026-02-26 19:08
VLAI?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-1274 - Improper Access Control for Volatile Memory Containing Boot Code
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Affected:
MilanPI 1.0.0.C
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T03:55:32.067831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:50.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "MilanPI 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MI300API 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Pollock-FT5 1.0.0.7\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Picasso-FP5 1.0.1.1\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"RenoirPI-FP6 1.0.0.D\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Cezanne-FP6 1.0.1.0\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"MendocinoPI-FT6 1.0.0.6\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"DragonRangeFL1PI 1.0.0.3C\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbMilanPI-SP3 1.0.0.8\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbAM4PI 1.0.0.5\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbeddedPI-FP6 1.0.0.9\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Embedded-PI FP7r2 1.0.0.9\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1274",
"description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:25:15.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31345",
"datePublished": "2025-02-11T23:49:05.388Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2026-02-26T19:08:50.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-31352 (GCVE-0-2023-31352)
Vulnerability from cvelistv5 – Published: 2025-02-11 22:44 – Updated: 2025-02-12 15:34
VLAI?
Summary
A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data.
Severity ?
6 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:34:35.335247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:34:40.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.C"
},
{
"status": "unaffected",
"version": "SEV FW1.55.36"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
}
],
"value": "A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T23:34:42.830Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31352",
"datePublished": "2025-02-11T22:44:28.001Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2025-02-12T15:34:40.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31343 (GCVE-0-2023-31343)
Vulnerability from cvelistv5 – Published: 2025-02-11 22:35 – Updated: 2025-09-23 21:39
VLAI?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:34:57.941103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:35:05.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MI300API 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Pollock-FT5 1.0.0.7\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Picasso-FP5 1.0.1.1\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"RenoirPI-FP6 1.0.0.D\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Cezanne-FP6 1.0.1.0\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"MendocinoPI-FT6 1.0.0.6\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Rembrandt-FP7 1.0.0.A\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"PhoenixPI-FP8-FP7 1.1.0.2\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"DragonRangeFL1PI 1.0.0.3C\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbMilanPI-SP3 1.0.0.8\""
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbeddedPI-FP5 1.2.0.C\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "\"EmbeddedR2KPI-FP5 1.0.0.3\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbAM4PI 1.0.0.5\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbeddedPI-FP6 1.0.0.9\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"Embedded-PI FP7r2 1.0.0.9\""
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.\u003cbr\u003e"
}
],
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:39:19.127Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31343",
"datePublished": "2025-02-11T22:35:04.110Z",
"dateReserved": "2023-04-27T15:25:41.426Z",
"dateUpdated": "2025-09-23T21:39:19.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31342 (GCVE-0-2023-31342)
Vulnerability from cvelistv5 – Published: 2025-02-11 22:24 – Updated: 2026-02-26 19:08
VLAI?
Summary
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T03:55:33.409726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:08:51.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Instinct\u2122 MI300A",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MI300API 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Pollock-FT5 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Picasso-FP5 1.0.1.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Cezanne-FP6 1.0.1.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rembrandt-FP7 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.C"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.3"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.1"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Embedded-PI FP7r2 1.0.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"value": "Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T21:23:17.849Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31342",
"datePublished": "2025-02-11T22:24:02.153Z",
"dateReserved": "2023-04-27T15:25:41.425Z",
"dateUpdated": "2026-02-26T19:08:51.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20582 (GCVE-0-2023-20582)
Vulnerability from cvelistv5 – Published: 2025-02-11 21:35 – Updated: 2025-02-12 15:56
VLAI?
Summary
Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
Severity ?
5.3 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20582",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:56:12.794718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:56:22.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.C"
},
{
"status": "unaffected",
"version": "SEV FW1.55.36"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
}
],
"value": "Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:35:15.949Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20582",
"datePublished": "2025-02-11T21:35:15.949Z",
"dateReserved": "2022-10-27T18:53:39.758Z",
"dateUpdated": "2025-02-12T15:56:22.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20581 (GCVE-0-2023-20581)
Vulnerability from cvelistv5 – Published: 2025-02-11 21:26 – Updated: 2025-02-12 15:34
VLAI?
Summary
Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.C
Unaffected: SEV FW1.55.36 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:03:14.654952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:34:49.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.C"
},
{
"status": "unaffected",
"version": "SEV FW1.55.36"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
}
],
"value": "Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:35:31.536Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3009.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20581",
"datePublished": "2025-02-11T21:26:11.128Z",
"dateReserved": "2022-10-27T18:53:39.758Z",
"dateUpdated": "2025-02-12T15:34:49.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21925 (GCVE-0-2024-21925)
Vulnerability from cvelistv5 – Published: 2025-02-11 20:39 – Updated: 2025-06-27 21:55
VLAI?
Summary
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
Severity ?
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
Naples PI 1.0.0.N
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2025-02-11 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:01:07.683566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:35:34.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Naples PI 1.0.0.N"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Rome PI 1.0.0.K"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Genoa PI 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Milan PI 1.0.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.0.0.a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.C"
},
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2PI 1.2.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5PI 1.2.0.2b"
},
{
"status": "unaffected",
"version": "ComboAM5PI 1.1.0.3b"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.F"
},
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.1.0.0h"
},
{
"status": "unaffected",
"version": "StormPeakPI-SP6 1.0.0.1j"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
},
{
"status": "unaffected",
"version": "PollockPI-FT5 1.0.0.8a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.1.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.Ea"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.1.1a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.7a"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 6000 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7035 Series Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.Ba"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PhoenixPI-FP8-FP7 1.1.8.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 7000 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3f"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwlPI 1.1.0.E"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.D"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI 1.0.0.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedV2KAPI-FP6 1.0.0.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.B"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI_FP7R2 1.0.0.C"
}
]
},
{
"defaultStatus": "unknown",
"product": "AMD Ryzen\u2122 Embedded 8000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPhoenixPI-FP7r2_1.2.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPIFP5 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.F"
}
]
}
],
"datePublic": "2025-02-11T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"value": "Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T21:55:43.707Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21925",
"datePublished": "2025-02-11T20:39:03.746Z",
"dateReserved": "2024-01-03T16:43:09.232Z",
"dateUpdated": "2025-06-27T21:55:43.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31356 (GCVE-0-2023-31356)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:54 – Updated: 2025-02-11 22:48
VLAI?
Summary
Incomplete system memory cleanup in SEV firmware could
allow a privileged attacker to corrupt guest private memory, potentially
resulting in a loss of data integrity.
Severity ?
4.4 (Medium)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
(PI)
|
|||||||||||||||||
|
|||||||||||||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T15:46:30.501050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:53:56.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "\"EmbMilanPI-SP3 1.0.0.8\""
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9004",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.6"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Incomplete system memory cleanup in SEV firmware could\nallow a privileged attacker to corrupt guest private memory, potentially\nresulting in a loss of data integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T22:48:16.160Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
},
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5004.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31356",
"datePublished": "2024-08-13T16:54:23.979Z",
"dateReserved": "2023-04-27T15:25:41.428Z",
"dateUpdated": "2025-02-11T22:48:16.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20584 (GCVE-0-2023-20584)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:53 – Updated: 2024-11-05 21:40
VLAI?
Summary
IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.
Severity ?
5.3 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
(PI)
|
|||||||
|
|||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:31:27.946120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:40:37.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised \u003ca target=\"_blank\" rel=\"nofollow\"\u003eHypervisor \u003c/a\u003eto\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:53:18.373Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20584",
"datePublished": "2024-08-13T16:53:18.373Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-11-05T21:40:37.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:52 – Updated: 2025-03-18 20:03
VLAI?
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
Severity ?
7.5 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
NaplesPI 1.0.0.K
(PI)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7001",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.k"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.g"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9004",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.1.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_9003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_7000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T15:56:35.845479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:03:43.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:58.457Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20578",
"datePublished": "2024-08-13T16:52:58.457Z",
"dateReserved": "2022-10-27T18:53:39.757Z",
"dateUpdated": "2025-03-18T20:03:43.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46746 (GCVE-0-2021-46746)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
VLAI?
Summary
Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing
keys to c006Frrupt the return address, causing a
stack-based buffer overrun, potentially leading to a denial of service.
Severity ?
5.2 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Affected:
various
(PI)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:06:22.367564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:57:25.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4 V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4V2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "ComboAM5 1.0.8.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.9"
},
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 PI 1.2.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakPI-SP3r3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
},
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.9"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "PollockPI-FT5 1.0.0.4"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "PicassoPI-FP5 1.0.0.E"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.5"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "DragonRangeFL1PI 1.0.0.3b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedR2KPI-FP5 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbAM4PI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP5 1.2.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6 1.0.0.6"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.2"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:50:51.023Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46746",
"datePublished": "2024-08-13T16:50:51.023Z",
"dateReserved": "2022-03-31T16:50:27.864Z",
"dateUpdated": "2024-10-31T13:57:25.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}