Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for AMD EPYC™ Embedded 9003 Series Processors by AMD

    CVE-2023-20591 (GCVE-0-2023-20591)

    Vulnerability from nvd – Published: 2024-08-13 16:53 – Updated: 2025-03-13 16:41
    VLAI
    Summary
    Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7003 Series Processors Unaffected: MilanPI 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Series Processors Unaffected: Genoa 1.0.0.8
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Unaffected: EmbMilanPI-SP3 1.0.0.7
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Unaffected: EmbGenoaPI-SP5 1.0.0.3
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.b (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.8 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.b (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.8 (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T13:13:17.696799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-665",
                    "description": "CWE-665 Improper Initialization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T16:41:15.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003  Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MilanPI 1.0.0.B",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Genoa 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbGenoaPI-SP5  1.0.0.3"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability.\n\n\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:53:23.681Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20591",
        "datePublished": "2024-08-13T16:53:23.681Z",
        "dateReserved": "2022-10-27T18:53:39.761Z",
        "dateUpdated": "2025-03-13T16:41:15.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46746 (GCVE-0-2021-46746)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
    VLAI
    Summary
    Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: DragonRangeFL1PI 1.0.0.3b
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: EmbeddedAM5PI 1.0.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.2
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T16:06:22.367564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:57:25.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7001 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DragonRangeFL1PI 1.0.0.3b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI  1.0.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.2"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:51.023Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46746",
        "datePublished": "2024-08-13T16:50:51.023Z",
        "dateReserved": "2022-03-31T16:50:27.864Z",
        "dateUpdated": "2024-10-31T13:57:25.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26387 (GCVE-0-2021-26387)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-10-30 17:59
    VLAI
    Summary
    Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.9
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T15:47:34.441746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:59:30.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.9"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected \u003ca target=\"_blank\" rel=\"nofollow\"\u003eareas,\u003c/a\u003e\u0026nbsp;potentially leading to a loss of platform integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:22.151Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26387",
        "datePublished": "2024-08-13T16:50:22.151Z",
        "dateReserved": "2021-01-29T21:24:26.161Z",
        "dateUpdated": "2024-10-30T17:59:30.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20591 (GCVE-0-2023-20591)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:53 – Updated: 2025-03-13 16:41
    VLAI
    Summary
    Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of confidentiality, integrity, and availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7003 Series Processors Unaffected: MilanPI 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Series Processors Unaffected: Genoa 1.0.0.8
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Unaffected: EmbMilanPI-SP3 1.0.0.7
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Unaffected: EmbGenoaPI-SP5 1.0.0.3
    Create a notification for this product.
    amd epyc_7003_firmware Affected: 0 , < milanpi_1.0.0.b (custom)
        cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9003_firmware Affected: 0 , < genoapi_1.0.0.8 (custom)
        cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_7773x_firmware Affected: 0 , < milanpi_1.0.0.b (custom)
        cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_9754s_firmware Affected: 0 , < genoapi_1.0.0.8 (custom)
        cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9003_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_7773x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milanpi_1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_9754s_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoapi_1.0.0.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T13:13:17.696799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-665",
                    "description": "CWE-665 Improper Initialization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T16:41:15.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003  Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MilanPI 1.0.0.B",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Genoa 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbGenoaPI-SP5  1.0.0.3"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability.\n\n\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:53:23.681Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20591",
        "datePublished": "2024-08-13T16:53:23.681Z",
        "dateReserved": "2022-10-27T18:53:39.761Z",
        "dateUpdated": "2025-03-13T16:41:15.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46746 (GCVE-0-2021-46746)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
    VLAI
    Summary
    Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: DragonRangeFL1PI 1.0.0.3b
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: EmbeddedAM5PI 1.0.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.2
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T16:06:22.367564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:57:25.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7001 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DragonRangeFL1PI 1.0.0.3b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI  1.0.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.2"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:51.023Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46746",
        "datePublished": "2024-08-13T16:50:51.023Z",
        "dateReserved": "2022-03-31T16:50:27.864Z",
        "dateUpdated": "2024-10-31T13:57:25.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26387 (GCVE-0-2021-26387)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-10-30 17:59
    VLAI
    Summary
    Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.9
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T15:47:34.441746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:59:30.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.9"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected \u003ca target=\"_blank\" rel=\"nofollow\"\u003eareas,\u003c/a\u003e\u0026nbsp;potentially leading to a loss of platform integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:22.151Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26387",
        "datePublished": "2024-08-13T16:50:22.151Z",
        "dateReserved": "2021-01-29T21:24:26.161Z",
        "dateUpdated": "2024-10-30T17:59:30.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }