Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics by AMD

    CVE-2024-21981 (GCVE-0-2024-21981)

    Vulnerability from nvd – Published: 2024-08-13 16:54 – Updated: 2024-08-15 18:09
    VLAI
    Summary
    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: various
    Create a notification for this product.
    amd athlon Affected: 0 , < * (custom)
        cpe:2.3:h:amd:athlon:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc Affected: 0 , < * (custom)
        cpe:2.3:h:amd:epyc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:athlon:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:epyc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T17:56:59.454756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-639",
                    "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T18:09:24.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ewho has gained arbitrary code\nexecution privilege in ASP\u0026nbsp;\u003c/a\u003eto\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity.\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access who has gained arbitrary code\nexecution privilege in ASP\u00a0to\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:54:58.122Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21981",
        "datePublished": "2024-08-13T16:54:58.122Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-15T18:09:24.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20518 (GCVE-0-2023-20518)

    Vulnerability from nvd – Published: 2024-08-13 16:52 – Updated: 2024-11-05 17:10
    VLAI
    Summary
    Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 9004 Series Processors Unaffected: GenoaPI 1.0.0.4 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4V1 1.0.0.A
    Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: ComboAM5 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Unaffected: ComboAM4V1 1.0.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.B
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.F
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.F
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.C
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.3
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: EmbeddedAM5PI 1.0.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.5
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T14:20:09.090291Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-459",
                    "description": "CWE-459 Incomplete Cleanup",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T17:10:30.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GenoaPI 1.0.0.4",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V1 1.0.0.A"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM5 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4V1 1.0.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8  1.0.0.6"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8  1.0.0.B"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.F"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5   1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.F"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.C"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI 1.0.0.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI  1.0.0.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.5"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:52:55.976Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20518",
        "datePublished": "2024-08-13T16:52:55.976Z",
        "dateReserved": "2022-10-27T18:53:39.736Z",
        "dateUpdated": "2024-11-05T17:10:30.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23817 (GCVE-0-2022-23817)

    Vulnerability from nvd – Published: 2024-08-13 16:51 – Updated: 2026-05-15 03:03
    VLAI
    Summary
    Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.5
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.C
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4V1 1.0.0.A
    Unaffected: ComboAM4V2 1.2.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 2000 Mobile Processors Unaffected: ComboAM4v2 PI 1.2.0.8
    Unaffected: ComboAM4PI 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7_1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5_1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") Unaffected: EmbeddedPI-FP5_1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso") Unaffected: EmbeddedPI-FP5_1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processor Unaffected: EmbeddedPI-FP6_1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2_1002
    Create a notification for this product.
    AMD AMD Radeon™ RX 5000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W5000 Series Graphics Products Unaffected: AMD Software: PRO Edition 22.Q2 (22.10.20)
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Products Unaffected: AMD Software: PRO Edition 22.Q2 (22.10.20)
    Create a notification for this product.
    AMD MI-25 / 50 Unaffected: No fix planned
    Create a notification for this product.
    AMD MI-100 Unaffected: ROCm 6.4.2
    Create a notification for this product.
    AMD AMD Instinct™ MI250 Unaffected: ROCm 7.0
    Create a notification for this product.
    AMD AMD Instinct™ MI210 Unaffected: ROCm 7.0
    Create a notification for this product.
    amd ryzen_3_3300x_firmware Unaffected: 0 , < comboam4v2_1.2.0.a (custom)
        cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_3300u_firmware Unaffected: 0 , < picassopi-fp5_1.0.0.e (custom)
        cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_pro_3200g_firmware Unaffected: 0 , < comboam4v2_pi_1.2.0.8 (custom)
        cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5_7500f_firmware Unaffected: 0 , < comboam5_1.0.8.0 (custom)
        cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3995wx_firmware Unaffected: 0 , < castlepeakpi-sp3r3_1.0.0.8 (custom)
        cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3995wx_firmware Unaffected: 0 , < castlepeakwspi-swrx8_1.0.0.a (custom)
        cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_5995wx_firmware Unaffected: 0 , < chagallwspi-swrx8_1.0.0.5 (custom)
        cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_4300u_firmware Unaffected: 0 , < renoirpi-fp6_1.0.0.a (custom)
        cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5_6600u_firmware Unaffected: 0 , < rembrandtpi-fp7_1.0.0.5 (custom)
        cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_7335u_firmware Unaffected: 0 , < rembrandtpi-fp7_1.0.0.5 (custom)
        cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7_7745hx_firmware Unaffected: 0 , < dragonrangefl1pi_1.0.0.3b (custom)
        cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5_5600x_firmware Unaffected: 0 , < comboam4v2_pi_1.2.0.8 (custom)
        cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_5300g_firmware Unaffected: 0 , < cezannepi-fp6_1.0.0.c (custom)
        cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_5425c_firmware Unaffected: 0 , < cezannepi-fp6_1.0.0.c (custom)
        cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_pro_300ge_firmware Unaffected: 0 , < picassopi-fp5_1.0.0.e (custom)
        cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-05-15 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_3300x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2_1.2.0.a",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_3300u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picassopi-fp5_1.0.0.e",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_pro_3200g_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2_pi_1.2.0.8",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_5_7500f_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5_1.0.8.0",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_threadripper_pro_3995wx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpi-sp3r3_1.0.0.8",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_threadripper_pro_3995wx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakwspi-swrx8_1.0.0.a",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_threadripper_pro_5995wx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8_1.0.0.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_4300u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6_1.0.0.a",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_5_6600u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rembrandtpi-fp7_1.0.0.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_7335u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rembrandtpi-fp7_1.0.0.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_7_7745hx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1pi_1.0.0.3b",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_5_5600x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2_pi_1.2.0.8",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_5300g_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6_1.0.0.c",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_5425c_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6_1.0.0.c",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "athlon_pro_300ge_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picassopi-fp5_1.0.0.e",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T17:51:43.434721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T20:27:19.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.5"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6 1.0.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.C"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V1 1.0.0.A"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 2000 Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7_1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5_1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5_1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5_1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6_1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2_1002"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 22.Q2 (22.10.20)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 22.Q2 (22.10.20)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "MI-25 / 50",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "MI-100",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20  Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T03:03:25.036Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5002.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-1029.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23817",
        "datePublished": "2024-08-13T16:51:45.468Z",
        "dateReserved": "2022-01-21T17:14:12.302Z",
        "dateUpdated": "2026-05-15T03:03:25.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-46772 (GCVE-0-2021-46772)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-11-05 21:18
    VLAI
    Summary
    Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7002 Series Processors Unaffected: RomePI 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Unaffected: MilanPI 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.3
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Unaffected: EmbRomePI-SP3 1.0.0.8
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Unaffected: EmbMilanPI-SP3 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.4
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T14:19:27.997821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T21:18:50.631Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RomePI 1.0.0.E",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MilanPI 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbRomePI-SP3  1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3  1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.4"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:54.016Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46772",
        "datePublished": "2024-08-13T16:50:54.016Z",
        "dateReserved": "2022-03-31T16:50:27.872Z",
        "dateUpdated": "2024-11-05T21:18:50.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46746 (GCVE-0-2021-46746)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
    VLAI
    Summary
    Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: DragonRangeFL1PI 1.0.0.3b
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: EmbeddedAM5PI 1.0.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.2
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T16:06:22.367564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:57:25.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7001 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DragonRangeFL1PI 1.0.0.3b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI  1.0.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.2"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:51.023Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46746",
        "datePublished": "2024-08-13T16:50:51.023Z",
        "dateReserved": "2022-03-31T16:50:27.864Z",
        "dateUpdated": "2024-10-31T13:57:25.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26387 (GCVE-0-2021-26387)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-10-30 17:59
    VLAI
    Summary
    Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.9
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T15:47:34.441746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:59:30.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.9"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected \u003ca target=\"_blank\" rel=\"nofollow\"\u003eareas,\u003c/a\u003e\u0026nbsp;potentially leading to a loss of platform integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:22.151Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26387",
        "datePublished": "2024-08-13T16:50:22.151Z",
        "dateReserved": "2021-01-29T21:24:26.161Z",
        "dateUpdated": "2024-10-30T17:59:30.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26367 (GCVE-0-2021-26367)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-12-04 16:25
    VLAI
    Summary
    A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Cards Unaffected: AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Cards Unaffected: AMD Software: PRO Edition 23.Q4 (23.30.13.03)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:04:31.680686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:25:09.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI  1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
                }
              ],
              "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:05.825Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26367",
        "datePublished": "2024-08-13T16:50:05.825Z",
        "dateReserved": "2021-01-29T21:24:26.151Z",
        "dateUpdated": "2024-12-04T16:25:09.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26344 (GCVE-0-2021-26344)

    Vulnerability from nvd – Published: 2024-08-13 16:49 – Updated: 2025-03-18 15:35
    VLAI
    Summary
    An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Unaffected: RomePI 1.0.0.C
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Unaffected: MilanPI 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.3
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Unaffected: EmbRomePI-SP3 1.0.0.6
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: Various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Unaffected: EmbMilanPI-SP3 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.4
    Create a notification for this product.
    amd naplespi Affected: 0 , < 1.0.0.k (custom)
        cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd romepi Affected: 0 , < 1.0.0.C (custom)
        cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd milanpi Affected: 0 , < 1.0.0.5 (custom)
        cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "naplespi",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "1.0.0.k",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "romepi",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "1.0.0.C",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "milanpi",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "1.0.0.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:29:11.333464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T15:35:45.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RomePI 1.0.0.C"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MilanPI 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8  1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbRomePI-SP3  1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.4"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:49:52.889Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26344",
        "datePublished": "2024-08-13T16:49:52.889Z",
        "dateReserved": "2021-01-29T21:24:26.145Z",
        "dateUpdated": "2025-03-18T15:35:45.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31315 (GCVE-0-2023-31315)

    Vulnerability from nvd – Published: 2024-08-09 17:08 – Updated: 2024-09-12 12:56
    VLAI
    Summary
    Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < Milan PI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various , < Naples PI 1.0.0.M (Platform Initialization)
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various , < Rome PI 1.0.0.J (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Unaffected: various , < Genoa PI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Unaffected: various , < EmbGenoaPI 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various , < CastlePeakPI-SP3r3 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors Affected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Unaffected: various , < CastlePeakWSPI-sWRX8 1.0.0.D (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < Picasso-FP5 1.0.1.2 (PI)
    Unaffected: various , < PollockPI-FT5 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various , < Picasso-FP5 1.0.1.2 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < RenoirPI-FP6 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < CezannePI-FP6 1.0.1.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Affected: various , < CezannePI-FP6 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < PhoenixPI-FP8-FP7 1.1.0.3 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: various , < DragonRangeFL1 1.0.0.3e (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various , < MendocinoPI-FT6 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics Unaffected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    amd 1st_gen_amd_epyc_processors Affected: 0 , < naples.pi.1.0.0.m (custom)
        cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 3rd_gen_amd_epyc_processors Affected: 0 , < milan.pi.1.0.0.d (custom)
        cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 2nd_gen_amd_epyc_processors Affected: 0 , < rome.pi.1.0.0.j (custom)
        cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: various
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 4th_gen_amd_epyc_processors Affected: 0 , < genoa_pi_1.0.0.c (custom)
        cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_3000 Affected: various
        cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7002 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7003 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_9003 Unaffected: 0 , < emgenoa.pi.1.0.0.7 (custom)
    Affected: various
        cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_7000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_5000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v3000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7040_series_mobile_processors_with_radeon_graphics Unaffected: various , < phoenixpi-fp8-fp7.1.1.0.3 (python)
        cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors_with_radeon_graphics Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_desktop_processors Affected: 0 , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 0 , < comboam4v2pi.1.2.0.cb (python)
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_3000_series_processors Affected: 0 , < castlepeakpl-sp3r3.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
    Affected: various , < castlepeakwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3000wx_series_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000_series_mobile_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
    Affected: various , < pollockpi-ft5.1.0.0.8 (python)
        cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_mobile_processors_with_radeon_graphics Unaffected: various , < renoirpi-fp6.1.0.0.e (python)
        cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_mobile_processors_with_radeon_graphics Unaffected: various , < cezannepi-fp6.1.0.1.1 (python)
        cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7030_series-mobile_processors_with_radeon_graphics Affected: various , < cezannepi-fp6 (python)
        cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7045_series_mobile_processors Unaffected: various , < dragonrangefl1.1.0.0.3e (python)
        cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6000_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7020_processors_with_radeongraphics Affected: various , < mendocinopi-ft6.1.0.0.7 (python)
        cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7035_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_8000_series_processors_with_radeongraphics Unaffected: various , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-09 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:56:32.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
              },
              {
                "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
              },
              {
                "url": "https://news.ycombinator.com/item?id=41475975"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "1st_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "naples.pi.1.0.0.m",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "3rd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milan.pi.1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "2nd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rome.pi.1.0.0.j",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "4th_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoa_pi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7002",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7003",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_9003",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "emgenoa.pi.1.0.0.7",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_7000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_5000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_3000_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_3000wx_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "pollockpi-ft5.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6.1.0.0.e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6.1.0.1.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7045_series_mobile_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1.1.0.0.3e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6000_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7020_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "mendocinopi-ft6.1.0.0.7",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7035_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_8000_series_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T17:29:59.373286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T14:54:02.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Milan PI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Naples PI 1.0.0.M",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Rome PI 1.0.0.J",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Genoa PI 1.0.0.C",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI 1.0.0.7",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "PollockPI-FT5 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RenoirPI-FP6 1.0.0.E",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6 1.0.1.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "DragonRangeFL1 1.0.0.3e",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MendocinoPI-FT6 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            }
          ],
          "datePublic": "2024-08-09T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T15:37:24.501Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31315",
        "datePublished": "2024-08-09T17:08:24.237Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-09-12T12:56:32.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23829 (GCVE-0-2022-23829)

    Vulnerability from nvd – Published: 2024-06-18 19:01 – Updated: 2024-08-29 20:40
    VLAI
    Summary
    A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Mobile Processors and Workstations Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processor Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC (TM) Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V3000 Affected: various
    Create a notification for this product.
    amd ryzen_threadripper_pro_5995wx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6980hx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 18:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_5995wx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6980hx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23829",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:32:15.481387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:40:26.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC (TM) Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-06-11T18:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T19:01:57.007Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23829",
        "datePublished": "2024-06-18T19:01:24.315Z",
        "dateReserved": "2022-01-21T17:20:55.781Z",
        "dateUpdated": "2024-08-29T20:40:26.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20579 (GCVE-0-2023-20579)

    Vulnerability from nvd – Published: 2024-02-13 19:32 – Updated: 2025-03-14 17:21
    VLAI
    Summary
    Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processor Affected: Various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T15:53:23.792810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:21:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:11.904Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20579",
        "datePublished": "2024-02-13T19:32:11.904Z",
        "dateReserved": "2022-10-27T18:53:39.757Z",
        "dateUpdated": "2025-03-14T17:21:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21981 (GCVE-0-2024-21981)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:54 – Updated: 2024-08-15 18:09
    VLAI
    Summary
    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: various
    Create a notification for this product.
    amd athlon Affected: 0 , < * (custom)
        cpe:2.3:h:amd:athlon:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc Affected: 0 , < * (custom)
        cpe:2.3:h:amd:epyc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:athlon:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:epyc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T17:56:59.454756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-639",
                    "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T18:09:24.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ewho has gained arbitrary code\nexecution privilege in ASP\u0026nbsp;\u003c/a\u003eto\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity.\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper key usage control in AMD Secure Processor\n(ASP) may allow an attacker with local access who has gained arbitrary code\nexecution privilege in ASP\u00a0to\nextract ASP cryptographic keys, potentially resulting in loss of\nconfidentiality and integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:54:58.122Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2024-21981",
        "datePublished": "2024-08-13T16:54:58.122Z",
        "dateReserved": "2024-01-03T16:43:30.197Z",
        "dateUpdated": "2024-08-15T18:09:24.358Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20518 (GCVE-0-2023-20518)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:52 – Updated: 2024-11-05 17:10
    VLAI
    Summary
    Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 9004 Series Processors Unaffected: GenoaPI 1.0.0.4 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4V1 1.0.0.A
    Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: ComboAM5 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Unaffected: ComboAM4V1 1.0.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.B
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.F
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.F
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.C
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.3
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: EmbeddedAM5PI 1.0.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.5
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T14:20:09.090291Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-459",
                    "description": "CWE-459 Incomplete Cleanup",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T17:10:30.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "GenoaPI 1.0.0.4",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V1 1.0.0.A"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM5 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4V1 1.0.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8  1.0.0.6"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8  1.0.0.B"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.F"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5   1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.F"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.C"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI 1.0.0.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI  1.0.0.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.5"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:52:55.976Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20518",
        "datePublished": "2024-08-13T16:52:55.976Z",
        "dateReserved": "2022-10-27T18:53:39.736Z",
        "dateUpdated": "2024-11-05T17:10:30.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23817 (GCVE-0-2022-23817)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:51 – Updated: 2026-05-15 03:03
    VLAI
    Summary
    Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.5
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.C
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4V1 1.0.0.A
    Unaffected: ComboAM4V2 1.2.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 2000 Mobile Processors Unaffected: ComboAM4v2 PI 1.2.0.8
    Unaffected: ComboAM4PI 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7_1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5_1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") Unaffected: EmbeddedPI-FP5_1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Picasso") Unaffected: EmbeddedPI-FP5_1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processor Unaffected: EmbeddedPI-FP6_1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2_1002
    Create a notification for this product.
    AMD AMD Radeon™ RX 5000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W5000 Series Graphics Products Unaffected: AMD Software: PRO Edition 22.Q2 (22.10.20)
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Products Unaffected: AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Products Unaffected: AMD Software: PRO Edition 22.Q2 (22.10.20)
    Create a notification for this product.
    AMD MI-25 / 50 Unaffected: No fix planned
    Create a notification for this product.
    AMD MI-100 Unaffected: ROCm 6.4.2
    Create a notification for this product.
    AMD AMD Instinct™ MI250 Unaffected: ROCm 7.0
    Create a notification for this product.
    AMD AMD Instinct™ MI210 Unaffected: ROCm 7.0
    Create a notification for this product.
    amd ryzen_3_3300x_firmware Unaffected: 0 , < comboam4v2_1.2.0.a (custom)
        cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_3300u_firmware Unaffected: 0 , < picassopi-fp5_1.0.0.e (custom)
        cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_pro_3200g_firmware Unaffected: 0 , < comboam4v2_pi_1.2.0.8 (custom)
        cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5_7500f_firmware Unaffected: 0 , < comboam5_1.0.8.0 (custom)
        cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3995wx_firmware Unaffected: 0 , < castlepeakpi-sp3r3_1.0.0.8 (custom)
        cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3995wx_firmware Unaffected: 0 , < castlepeakwspi-swrx8_1.0.0.a (custom)
        cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_5995wx_firmware Unaffected: 0 , < chagallwspi-swrx8_1.0.0.5 (custom)
        cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_4300u_firmware Unaffected: 0 , < renoirpi-fp6_1.0.0.a (custom)
        cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5_6600u_firmware Unaffected: 0 , < rembrandtpi-fp7_1.0.0.5 (custom)
        cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_7335u_firmware Unaffected: 0 , < rembrandtpi-fp7_1.0.0.5 (custom)
        cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7_7745hx_firmware Unaffected: 0 , < dragonrangefl1pi_1.0.0.3b (custom)
        cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5_5600x_firmware Unaffected: 0 , < comboam4v2_pi_1.2.0.8 (custom)
        cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_5300g_firmware Unaffected: 0 , < cezannepi-fp6_1.0.0.c (custom)
        cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3_5425c_firmware Unaffected: 0 , < cezannepi-fp6_1.0.0.c (custom)
        cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_pro_300ge_firmware Unaffected: 0 , < picassopi-fp5_1.0.0.e (custom)
        cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2026-05-15 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_3900_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_3900x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_3900xt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_3950x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3700x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3800x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3800xt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3600_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3600x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3600xt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3100_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3300x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_3300x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2_1.2.0.a",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_7_3700c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3700u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3750h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_3780u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3450u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3500u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3550h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3580u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3350u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3300u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_3300u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picassopi-fp5_1.0.0.e",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_7_4700g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4700ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_4300ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_4300g_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_pro_3200g_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2_pi_1.2.0.8",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_5_7500f_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_5_7500f_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5_1.0.8.0",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_threadripper_3960x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_3970x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_3990x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_threadripper_pro_3995wx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpi-sp3r3_1.0.0.8",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3945wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3955wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3975wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_3995wx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_threadripper_pro_3995wx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakwspi-swrx8_1.0.0.a",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5945wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5955wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5965wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5975wx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_threadripper_pro_5995wx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_threadripper_pro_5995wx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8_1.0.0.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_4900h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_4900hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4700u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4800h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4800hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4800u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_4980u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4500u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4600u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_4680u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_4300u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_4300u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6_1.0.0.a",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_6800h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_6800u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_6600h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_6600u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_5_6600u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rembrandtpi-fp7_1.0.0.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_7735u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_7736u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_7535u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_7335u_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_7335u_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rembrandtpi-fp7_1.0.0.5",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_7945hx3d_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_7945hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_7845hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_7745hx_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_7_7745hx_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1pi_1.0.0.3b",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_5900_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5900x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5950x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800x3d_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800x_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5500_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600x3d_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600x_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_5_5600x_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2_pi_1.2.0.8",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5700g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5500gt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600gt_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5300ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5300g_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_5300g_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6_1.0.0.c",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5800u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_7_5825u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5500h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5560u_firmware:cezannepi-fp6_1.0.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5600u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_5_5625u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5125c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5400u_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:ryzen_3_5425c_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ryzen_3_5425c_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6_1.0.0.c",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:amd:athlon_3000g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "athlon_pro_300ge_firmware",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picassopi-fp5_1.0.0.e",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23817",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T17:51:43.434721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T20:27:19.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.5"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6 1.0.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.C"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V1 1.0.0.A"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 2000 Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7_1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5_1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5_1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Picasso\")",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5_1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6_1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2_1002"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W5000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 22.Q2 (22.10.20)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: Adrenalin Edition 22.5.2 (22.10.17.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Products",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software: PRO Edition 22.Q2 (22.10.20)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "MI-25 / 50",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "No fix planned"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "MI-100",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 6.4.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI250",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Instinct\u2122 MI210",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ROCm 7.0"
                }
              ]
            }
          ],
          "datePublic": "2026-05-15T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient checking of memory buffer in AMD Secure Processor (ASP) Secure OS may allow an attacker with a malicious trusted application to read/write to the ASP Secure OS kernel virtual address space, potentially resulting in privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20  Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T03:03:25.036Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5002.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-1029.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "AMD PSIRT Automation 1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23817",
        "datePublished": "2024-08-13T16:51:45.468Z",
        "dateReserved": "2022-01-21T17:14:12.302Z",
        "dateUpdated": "2026-05-15T03:03:25.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-46772 (GCVE-0-2021-46772)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-11-05 21:18
    VLAI
    Summary
    Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7002 Series Processors Unaffected: RomePI 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Unaffected: MilanPI 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.3
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Unaffected: EmbRomePI-SP3 1.0.0.8
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Unaffected: EmbMilanPI-SP3 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.4
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46772",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T14:19:27.997821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T21:18:50.631Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RomePI 1.0.0.E",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MilanPI 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbRomePI-SP3  1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3  1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.4"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Insufficient input validation in the ABL may allow a privileged\nattacker with access to the BIOS menu or UEFI shell to tamper with the\nstructure headers in SPI ROM causing an out of bounds memory read and write,\npotentially resulting in memory corruption or denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:54.016Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46772",
        "datePublished": "2024-08-13T16:50:54.016Z",
        "dateReserved": "2022-03-31T16:50:27.872Z",
        "dateUpdated": "2024-11-05T21:18:50.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46746 (GCVE-0-2021-46746)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-10-31 13:57
    VLAI
    Summary
    Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: DragonRangeFL1PI 1.0.0.3b
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: EmbeddedAM5PI 1.0.0.0
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.2
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T16:06:22.367564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:57:25.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7001 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "DragonRangeFL1PI 1.0.0.3b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI  1.0.0.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.2"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (\u003ca target=\"_blank\" rel=\"nofollow\"\u003eTEE\u003c/a\u003e) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, \u003ca target=\"_blank\" rel=\"nofollow\"\u003epotentially\u003c/a\u003e\u0026nbsp;leading to a denial of service.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing\nkeys to c006Frrupt the return address, causing a\nstack-based buffer overrun, potentially\u00a0leading to a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:51.023Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46746",
        "datePublished": "2024-08-13T16:50:51.023Z",
        "dateReserved": "2022-03-31T16:50:27.864Z",
        "dateUpdated": "2024-10-31T13:57:25.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26387 (GCVE-0-2021-26387)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-10-30 17:59
    VLAI
    Summary
    Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ 9004 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4 V2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: ComboAM5 1.0.8.0
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Unaffected: CastlePeakPI-SP3r3 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Unaffected: CastlePeakWSPI-sWRX8 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.2
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.9b
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.9
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.9
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T15:47:34.441746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:59:30.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "PI",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 9004 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4 V2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM5 1.0.8.0"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI 1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CastlePeakPI-SP3r3  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                },
                {
                  "status": "unaffected",
                  "version": "CastlePeakWSPI-sWRX8 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6  1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.9b"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.9"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.9"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected \u003ca target=\"_blank\" rel=\"nofollow\"\u003eareas,\u003c/a\u003e\u0026nbsp;potentially leading to a loss of platform integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Insufficient access controls in ASP kernel may allow a\nprivileged attacker with access to AMD signing keys and the BIOS menu or UEFI\nshell to map DRAM regions in protected areas,\u00a0potentially leading to a loss of platform integrity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:22.151Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26387",
        "datePublished": "2024-08-13T16:50:22.151Z",
        "dateReserved": "2021-01-29T21:24:26.161Z",
        "dateUpdated": "2024-10-30T17:59:30.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26367 (GCVE-0-2021-26367)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-12-04 16:25
    VLAI
    Summary
    A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Cards Unaffected: AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Cards Unaffected: AMD Software: PRO Edition 23.Q4 (23.30.13.03)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:04:31.680686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:25:09.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI  1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
                }
              ],
              "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:05.825Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26367",
        "datePublished": "2024-08-13T16:50:05.825Z",
        "dateReserved": "2021-01-29T21:24:26.151Z",
        "dateUpdated": "2024-12-04T16:25:09.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26344 (GCVE-0-2021-26344)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:49 – Updated: 2025-03-18 15:35
    VLAI
    Summary
    An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD EPYC™ 7001 Series Processors Affected: various (PI)
    Create a notification for this product.
    AMD AMD EPYC™ 7002 Series Processors Unaffected: RomePI 1.0.0.C
    Create a notification for this product.
    AMD AMD EPYC™ 7003 Series Processors Unaffected: MilanPI 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4V2 1.2.0.A
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 5000WX Processors Unaffected: ChagallWSPI-sWRX8 1.0.0.6
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: MendocinoPI-FT6 1.0.0.3
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: RembrandtPI-FP7 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.E
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Series Processors Unaffected: EmbRomePI-SP3 1.0.0.6
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Series Processors Affected: Various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Series Processors Unaffected: EmbMilanPI-SP3 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Affected: v
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Series Processors Unaffected: EmbeddedPI-FP7r2 1.0.0.4
    Create a notification for this product.
    amd naplespi Affected: 0 , < 1.0.0.k (custom)
        cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd romepi Affected: 0 , < 1.0.0.C (custom)
        cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd milanpi Affected: 0 , < 1.0.0.5 (custom)
        cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:naplespi:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "naplespi",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "1.0.0.k",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:romepi:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "romepi",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "1.0.0.C",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "milanpi",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "1.0.0.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:29:11.333464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T15:35:45.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7001 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RomePI 1.0.0.C"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MilanPI 1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4V2 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ChagallWSPI-sWRX8  1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "MendocinoPI-FT6 1.0.0.3"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RembrandtPI-FP7 1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbRomePI-SP3  1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3  1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "v"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2 1.0.0.4"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution.\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "An out of bounds memory write when processing the AMD\nPSP1 Configuration Block (APCB) could allow an attacker with access the ability\nto modify the BIOS image, and the ability to sign the resulting image, to\npotentially modify the APCB block resulting in arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:49:52.889Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26344",
        "datePublished": "2024-08-13T16:49:52.889Z",
        "dateReserved": "2021-01-29T21:24:26.145Z",
        "dateUpdated": "2025-03-18T15:35:45.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31315 (GCVE-0-2023-31315)

    Vulnerability from cvelistv5 – Published: 2024-08-09 17:08 – Updated: 2024-09-12 12:56
    VLAI
    Summary
    Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD 3rd Gen AMD EPYC™ Processors Affected: various , < Milan PI 1.0.0.D (Platform Initialization)
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various , < Naples PI 1.0.0.M (Platform Initialization)
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various , < Rome PI 1.0.0.J (Platform Initialization)
    Create a notification for this product.
    AMD 4th Gen AMD EPYC™ Processors Unaffected: various , < Genoa PI 1.0.0.C (Platform Initialization)
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 9003 Unaffected: various , < EmbGenoaPI 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics Unaffected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various , < ComboAM4v2PI 1.2.0.cb (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various , < CastlePeakPI-SP3r3 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processors Affected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Unaffected: various , < CastlePeakWSPI-sWRX8 1.0.0.D (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors Unaffected: various , < ChagallWSPI-sWRX8 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < Picasso-FP5 1.0.1.2 (PI)
    Unaffected: various , < PollockPI-FT5 1.0.0.8 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Affected: various , < Picasso-FP5 1.0.1.2 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < RenoirPI-FP6 1.0.0.E (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < CezannePI-FP6 1.0.1.1 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Affected: various , < CezannePI-FP6 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: various , < PhoenixPI-FP8-FP7 1.1.0.3 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Unaffected: various , < DragonRangeFL1 1.0.0.3e (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various , < MendocinoPI-FT6 1.0.0.7 (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: various , < RembrandtPI-FP7 1.0.0.B (PI)
    Create a notification for this product.
    AMD AMD Ryzen™ 8000 Series Processors with Radeon™ Graphics Unaffected: various , < ComboAM5PI 1.2.0.1 (PI)
    Create a notification for this product.
    amd 1st_gen_amd_epyc_processors Affected: 0 , < naples.pi.1.0.0.m (custom)
        cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 3rd_gen_amd_epyc_processors Affected: 0 , < milan.pi.1.0.0.d (custom)
        cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 2nd_gen_amd_epyc_processors Affected: 0 , < rome.pi.1.0.0.j (custom)
        cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: various
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd 4th_gen_amd_epyc_processors Affected: 0 , < genoa_pi_1.0.0.c (custom)
        cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_3000 Affected: various
        cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7002 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_7003 Affected: various
        cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd epyc_embedded_9003 Unaffected: 0 , < emgenoa.pi.1.0.0.7 (custom)
    Affected: various
        cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_7000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_5000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v3000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v2000 Affected: various
        cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7040_series_mobile_processors_with_radeon_graphics Unaffected: various , < phoenixpi-fp8-fp7.1.1.0.3 (python)
        cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors_with_radeon_graphics Unaffected: 0 , < comboam4v2pi.1.2.0.cb (custom)
    Affected: various
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_desktop_processors Affected: 0 , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 0 , < comboam4v2pi.1.2.0.cb (python)
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_3000_series_processors Affected: 0 , < castlepeakpl-sp3r3.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
    Affected: various , < castlepeakwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_threadripper_pro_3000wx_series_processors Affected: various , < chagallwspi-swrx8.1.0.0.8 (python)
        cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000_series_mobile_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
    Affected: various , < pollockpi-ft5.1.0.0.8 (python)
        cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors_with_radeon_graphics Affected: various , < picasso-fp5.1.0.1.2 (python)
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_mobile_processors_with_radeon_graphics Unaffected: various , < renoirpi-fp6.1.0.0.e (python)
        cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_mobile_processors_with_radeon_graphics Unaffected: various , < cezannepi-fp6.1.0.1.1 (python)
        cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7030_series-mobile_processors_with_radeon_graphics Affected: various , < cezannepi-fp6 (python)
        cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7045_series_mobile_processors Unaffected: various , < dragonrangefl1.1.0.0.3e (python)
        cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6000_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7020_processors_with_radeongraphics Affected: various , < mendocinopi-ft6.1.0.0.7 (python)
        cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7035_processors_with_radeongraphics Unaffected: various , < remembrandtpi-fp7.1.0.0.b (python)
        cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_8000_series_processors_with_radeongraphics Unaffected: various , < comboam5pi.1.2.0.1 (python)
        cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-09 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:56:32.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.darkreading.com/remote-workforce/amd-issues-updates-for-silicon-level-sinkclose-flaw"
              },
              {
                "url": "https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Enrique%20Nissim%20Krzysztof%20Okupski%20-%20AMD%20Sinkclose%20Universal%20Ring-2%20Privilege%20Escalation.pdf"
              },
              {
                "url": "https://news.ycombinator.com/item?id=41475975"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:1st_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "1st_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "naples.pi.1.0.0.m",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:3rd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "3rd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "milan.pi.1.0.0.d",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:2nd_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "2nd_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "rome.pi.1.0.0.j",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:4th_gen_amd_epyc_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "4th_gen_amd_epyc_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "genoa_pi_1.0.0.c",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7002",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_7003",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "epyc_embedded_9003",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "emgenoa.pi.1.0.0.7",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_7000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_5000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_5000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v3000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7040_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7040_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "phoenixpi-fp8-fp7.1.1.0.3",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "unaffected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "various"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7000_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam4v2pi.1.2.0.cb",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_3000_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_3000_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "castlepeakpl-sp3r3.1.0.0.b",
                    "status": "affected",
                    "version": "0",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "castlepeakwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_threadripper_pro_3000wx_series_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_3000wx_series_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "chagallwspi-swrx8.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:athlon_3000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  },
                  {
                    "lessThan": "pollockpi-ft5.1.0.0.8",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "picasso-fp5.1.0.1.2",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "renoirpi-fp6.1.0.0.e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6.1.0.1.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7030_series-mobile_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7030_series-mobile_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "cezannepi-fp6",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7045_series_mobile_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7045_series_mobile_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "dragonrangefl1.1.0.0.3e",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_6000_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6000_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7020_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7020_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "mendocinopi-ft6.1.0.0.7",
                    "status": "affected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_7035_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7035_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "remembrandtpi-fp7.1.0.0.b",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_8000_series_processors_with_radeongraphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_8000_series_processors_with_radeongraphics",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "comboam5pi.1.2.0.1",
                    "status": "unaffected",
                    "version": "various",
                    "versionType": "python"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31315",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T17:29:59.373286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T14:54:02.319Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Milan PI 1.0.0.D",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Naples PI 1.0.0.M",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Rome PI 1.0.0.J",
                  "status": "affected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "4th Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Genoa PI 1.0.0.C",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "Platform Initialization"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 9003",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "EmbGenoaPI 1.0.0.7",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM4v2PI 1.2.0.cb",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CastlePeakPI-SP3r3 1.0.0.B",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "CastlePeakWSPI-sWRX8 1.0.0.D",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ChagallWSPI-sWRX8 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                },
                {
                  "lessThan": "PollockPI-FT5 1.0.0.8",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "Picasso-FP5 1.0.1.2",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RenoirPI-FP6 1.0.0.E",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6 1.0.1.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "CezannePI-FP6",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "PhoenixPI-FP8-FP7 1.1.0.3",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "DragonRangeFL1 1.0.0.3e",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "MendocinoPI-FT6 1.0.0.7",
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "RembrandtPI-FP7 1.0.0.B",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 8000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "ComboAM5PI 1.2.0.1",
                  "status": "unaffected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            }
          ],
          "datePublic": "2024-08-09T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution.\u003c/span\u003e"
                }
              ],
              "value": "Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T15:37:24.501Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-31315",
        "datePublished": "2024-08-09T17:08:24.237Z",
        "dateReserved": "2023-04-27T15:25:41.423Z",
        "dateUpdated": "2024-09-12T12:56:32.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23829 (GCVE-0-2022-23829)

    Vulnerability from cvelistv5 – Published: 2024-06-18 19:01 – Updated: 2024-08-29 20:40
    VLAI
    Summary
    A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ Threadripper™ PRO Processors 5900 WX-Series Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Mobile Processors and Workstations Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor / 2nd Gen AMD Ryzen™ Mobile Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Threadripper™ PRO Processor Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC (TM) Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded 5000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V1000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V3000 Affected: various
    Create a notification for this product.
    amd ryzen_threadripper_pro_5995wx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_6980hx Affected: 0 , < * (custom)
        cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*
        cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-11 18:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5945wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5955wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5965wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5975wx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_threadripper_pro_5995wx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_threadripper_pro_5995wx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_6600h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6600u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800h:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6800u:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6900hx:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hs:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:amd:ryzen_6980hx:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_6980hx",
                "vendor": "amd",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23829",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T17:32:15.481387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:40:26.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors 5900 WX-Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 6000 Series Mobile Processors and Workstations",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor / 2nd Gen AMD Ryzen\u2122 Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC (TM) Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-06-11T18:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.\u003c/span\u003e\n\n"
                }
              ],
              "value": "A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T19:01:57.007Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1041.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23829",
        "datePublished": "2024-06-18T19:01:24.315Z",
        "dateReserved": "2022-01-21T17:20:55.781Z",
        "dateUpdated": "2024-08-29T20:40:26.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20579 (GCVE-0-2023-20579)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:32 – Updated: 2025-03-14 17:21
    VLAI
    Summary
    Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processor Affected: Various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T15:53:23.792810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:21:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:11.904Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20579",
        "datePublished": "2024-02-13T19:32:11.904Z",
        "dateReserved": "2022-10-27T18:53:39.757Z",
        "dateUpdated": "2025-03-14T17:21:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }