Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for athlon_pro_300ge_firmware by amd

    CVE-2022-23815 (GCVE-0-2022-23815)

    Vulnerability from nvd – Published: 2024-08-13 16:51 – Updated: 2025-03-18 20:42
    VLAI
    Summary
    Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.F
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R1000 Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R2000 Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V1000 Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    amd athlon_3000g Affected: various
    Unaffected: 1.0.0.F
    Unaffected: 1.0.0.5
    Unaffected: 1.0.0.E
        cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Unaffected: 1.2.0.A
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Unaffected: 1.0.0.2
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Unaffected: 1.2.0.A
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000g",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.0.0.F"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.0.0.5"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.0.0.E"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "1.2.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "1.0.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "1.2.0.A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:04:47.953819Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T20:42:11.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.F"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:51:43.735Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23815",
        "datePublished": "2024-08-13T16:51:43.735Z",
        "dateReserved": "2022-01-21T17:14:12.301Z",
        "dateUpdated": "2025-03-18T20:42:11.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26367 (GCVE-0-2021-26367)

    Vulnerability from nvd – Published: 2024-08-13 16:50 – Updated: 2024-12-04 16:25
    VLAI
    Summary
    A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Cards Unaffected: AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Cards Unaffected: AMD Software: PRO Edition 23.Q4 (23.30.13.03)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:04:31.680686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:25:09.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI  1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
                }
              ],
              "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:05.825Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26367",
        "datePublished": "2024-08-13T16:50:05.825Z",
        "dateReserved": "2021-01-29T21:24:26.151Z",
        "dateUpdated": "2024-12-04T16:25:09.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20521 (GCVE-0-2023-20521)

    Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax” Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T19:38:18.334372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T14:56:31.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:42:56.250Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20521",
        "datePublished": "2023-11-14T18:52:31.662Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2024-08-02T09:05:36.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20589 (GCVE-0-2023-20589)

    Vulnerability from nvd – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59
    VLAI
    Title
    fTPM Voltage Fault Injection
    Summary
    An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 4000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Ryzen™ PRO 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 2000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 6000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 7030 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Date Public
    2023-08-08 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T15:54:27.796904Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T15:59:15.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
              "vendor": " ",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 6000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 7030 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T17:04:17.854Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4005",
            "discovery": "UNKNOWN"
          },
          "title": "fTPM Voltage Fault Injection ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20589",
        "datePublished": "2023-08-08T17:04:17.854Z",
        "dateReserved": "2022-10-27T18:53:39.760Z",
        "dateUpdated": "2024-11-13T15:59:15.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20588 (GCVE-0-2023-20588)

    Vulnerability from nvd – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23
    VLAI
    Title
    Speculative Leaks
    Summary
    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    URL Tags
    https://www.amd.com/en/corporate/product-security… vendor-advisory
    https://www.debian.org/security/2023/dsa-5480
    https://www.debian.org/security/2023/dsa-5492
    http://www.openwall.com/lists/oss-security/2023/09/25/3
    http://www.openwall.com/lists/oss-security/2023/09/25/4
    http://xenbits.xen.org/xsa/advisory-439.html
    http://www.openwall.com/lists/oss-security/2023/09/25/5
    http://www.openwall.com/lists/oss-security/2023/09/25/8
    http://www.openwall.com/lists/oss-security/2023/09/25/7
    http://www.openwall.com/lists/oss-security/2023/09/26/5
    http://www.openwall.com/lists/oss-security/2023/09/26/8
    http://www.openwall.com/lists/oss-security/2023/09/26/9
    http://www.openwall.com/lists/oss-security/2023/09/27/1
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/10/03/9
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/10/04/1
    http://www.openwall.com/lists/oss-security/2023/10/04/2
    http://www.openwall.com/lists/oss-security/2023/10/04/4
    http://www.openwall.com/lists/oss-security/2023/10/04/3
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.debian.org/debian-lts-announce/2023…
    https://security.netapp.com/advisory/ntap-2024053…
    Date Public
    2023-08-08 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5480"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5492"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-439.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:23:03.408701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:23:18.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "EPYC\u2122 7001 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T17:06:30.065Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5480"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5492"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
            },
            {
              "url": "http://xenbits.xen.org/xsa/advisory-439.html"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7007",
            "discovery": "UNKNOWN"
          },
          "title": "Speculative Leaks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20588",
        "datePublished": "2023-08-08T17:06:30.065Z",
        "dateReserved": "2022-10-27T18:53:39.759Z",
        "dateUpdated": "2024-10-17T14:23:18.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20555 (GCVE-0-2023-20555)

    Vulnerability from nvd – Published: 2023-08-08 17:07 – Updated: 2024-10-24 14:36
    VLAI
    Summary
    Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7000 Series Processors “Raphael” Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Mobile Processors "Rembrandt" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Mobile Processors “Barcelo” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7020 Series Mobile Processors “Mendocino” Affected: various
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: V1-1.0.0.A
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Affected: V2-PI_1.2.0.A
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_series_desktop_processors Affected: 1.0.0.6
        cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000g Affected: 1.0.0.A
    Affected: 1.2.0.A
        cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 1.2.0.A
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-08 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.881Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1-1.0.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2-PI_1.2.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000g",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.A"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.0.A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20555",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:30:24.857101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:36:35.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7000 Series Processors \u201cRaphael\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Mobile Processors  \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Mobile Processors \u201cBarcelo\u201d ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7020 Series Mobile Processors \u201cMendocino\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T17:07:24.476Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20555",
        "datePublished": "2023-08-08T17:07:24.476Z",
        "dateReserved": "2022-10-27T18:53:39.746Z",
        "dateUpdated": "2024-10-24T14:36:35.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12965 (GCVE-0-2020-12965)

    Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.
    Severity
    No CVSS data available.
    CWE
    • TBD
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD All supported processors Affected: unspecified , < undefined (custom)
    Create a notification for this product.
    Date Public
    2021-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010"
              },
              {
                "name": "[oss-security] 20231205 SLAM: Spectre based on Linear Address Masking",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/05/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "All supported processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "undefined",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "TBD",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-06T03:06:18.982Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010"
            },
            {
              "name": "[oss-security] 20231205 SLAM: Spectre based on Linear Address Masking",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/12/05/3"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1010",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2020-12965",
        "datePublished": "2022-02-04T22:29:13.634Z",
        "dateReserved": "2020-05-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:10.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23815 (GCVE-0-2022-23815)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:51 – Updated: 2025-03-18 20:42
    VLAI
    Summary
    Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various (PI)
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.F
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.5
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R1000 Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD RyzenTM Embedded R2000 Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD RyzenTM Embedded V1000 Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    amd athlon_3000g Affected: various
    Unaffected: 1.0.0.F
    Unaffected: 1.0.0.5
    Unaffected: 1.0.0.E
        cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r1000 Unaffected: 1.2.0.A
        cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_r2000 Unaffected: 1.0.0.2
        cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_embedded_v1000 Unaffected: 1.2.0.A
        cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-08-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000g",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "various"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.0.0.F"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.0.0.5"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.0.0.E"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "1.2.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_r2000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_r2000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "1.0.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_embedded_v1000:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_embedded_v1000",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "unaffected",
                    "version": "1.2.0.A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-23815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:04:47.953819Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T20:42:11.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various",
                  "versionType": "PI"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.F"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5  1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD RyzenTM Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution.\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:51:43.735Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23815",
        "datePublished": "2024-08-13T16:51:43.735Z",
        "dateReserved": "2022-01-21T17:14:12.301Z",
        "dateUpdated": "2025-03-18T20:42:11.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26367 (GCVE-0-2021-26367)

    Vulnerability from cvelistv5 – Published: 2024-08-13 16:50 – Updated: 2024-12-04 16:25
    VLAI
    Summary
    A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4PI 1.0.0.9
    Unaffected: ComboAM4v2 PI 1.2.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Unaffected: ComboAM4v2 PI 1.2.0.5
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: PollockPI-FT5 1.0.0.4
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics Unaffected: PicassoPI-FP5 1.0.0.E
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: RenoirPI-FP6 1.0.0.7
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Unaffected: CezannePI-FP6 1.0.0.6
    Create a notification for this product.
    AMD AMD Radeon™ RX 6000 Series Graphics Cards Unaffected: AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
    Create a notification for this product.
    AMD AMD Radeon™ PRO W6000 Series Graphics Cards Unaffected: AMD Software: PRO Edition 23.Q4 (23.30.13.03)
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: EmbeddedR2KPI-FP5 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Series Processors Unaffected: EmbeddedPI-FP5 1.2.0.A
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: EmbeddedPI-FP6 1.0.0.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-13T18:04:31.680686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T16:25:09.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4PI  1.0.0.9"
                },
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "ComboAM4v2 PI 1.2.0.5"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Athlon\u2122 3000 Series Mobile  Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PollockPI-FT5  1.0.0.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "PicassoPI-FP5  1.0.0.E"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "RenoirPI-FP6  1.0.0.7"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "CezannePI-FP6 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 RX 6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  Adrenalin Edition 23.12.1 (23.30.13.01)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Radeon\u2122 PRO W6000 Series Graphics Cards",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "AMD Software:  PRO Edition 23.Q4 (23.30.13.03)"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedR2KPI-FP5 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP5 1.2.0.A"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
                }
              ],
              "value": "A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:50:05.825Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html"
            },
            {
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26367",
        "datePublished": "2024-08-13T16:50:05.825Z",
        "dateReserved": "2021-01-29T21:24:26.151Z",
        "dateUpdated": "2024-12-04T16:25:09.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20521 (GCVE-0-2023-20521)

    Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax” Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5 Affected: various
    Create a notification for this product.
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 3000 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7002 Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R1000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded R2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V1000 Affected: various
    Create a notification for this product.
    Date Public
    2023-11-14 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-27T19:38:18.334372Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T14:56:31.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7002",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded R2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AMD Ryzen\u2122 Embedded V1000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T18:42:56.250Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20521",
        "datePublished": "2023-11-14T18:52:31.662Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2024-08-02T09:05:36.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20555 (GCVE-0-2023-20555)

    Vulnerability from cvelistv5 – Published: 2023-08-08 17:07 – Updated: 2024-10-24 14:36
    VLAI
    Summary
    Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7000 Series Processors “Raphael” Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5 Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Mobile Processors "Rembrandt" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Mobile Processors “Barcelo” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7020 Series Mobile Processors “Mendocino” Affected: various
    Create a notification for this product.
    amd ryzen_3000_series_desktop_processors Affected: V1-1.0.0.A
        cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_5000_series_desktop_processors Affected: V2-PI_1.2.0.A
        cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_7000_series_desktop_processors Affected: 1.0.0.6
        cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*
    Create a notification for this product.
    amd athlon_3000g Affected: 1.0.0.A
    Affected: 1.2.0.A
        cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*
    Create a notification for this product.
    amd ryzen_4000_series_desktop_processors_with_radeon_graphics Affected: 1.2.0.A
        cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-08-08 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.881Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_3000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_3000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1-1.0.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_5000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_5000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2-PI_1.2.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:ryzen_7000_series_desktop_processors:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_7000_series_desktop_processors",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:amd:athlon_3000g:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "athlon_3000g",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.A"
                  },
                  {
                    "status": "affected",
                    "version": "1.2.0.A"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:amd:ryzen_4000_series_desktop_processors_with_radeon_graphics:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ryzen_4000_series_desktop_processors_with_radeon_graphics",
                "vendor": "amd",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.2.0.A"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20555",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-24T14:30:24.857101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-24T14:36:35.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7000 Series Processors \u201cRaphael\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Mobile Processors  \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Mobile Processors \u201cBarcelo\u201d ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7020 Series Mobile Processors \u201cMendocino\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "Insufficient input validation in\nCpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting\nan arbitrary bit in an attacker-controlled pointer potentially leading to\narbitrary code execution in SMM.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T17:07:24.476Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4003",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20555",
        "datePublished": "2023-08-08T17:07:24.476Z",
        "dateReserved": "2022-10-27T18:53:39.746Z",
        "dateUpdated": "2024-10-24T14:36:35.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20588 (GCVE-0-2023-20588)

    Vulnerability from cvelistv5 – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23
    VLAI
    Title
    Speculative Leaks
    Summary
    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    URL Tags
    https://www.amd.com/en/corporate/product-security… vendor-advisory
    https://www.debian.org/security/2023/dsa-5480
    https://www.debian.org/security/2023/dsa-5492
    http://www.openwall.com/lists/oss-security/2023/09/25/3
    http://www.openwall.com/lists/oss-security/2023/09/25/4
    http://xenbits.xen.org/xsa/advisory-439.html
    http://www.openwall.com/lists/oss-security/2023/09/25/5
    http://www.openwall.com/lists/oss-security/2023/09/25/8
    http://www.openwall.com/lists/oss-security/2023/09/25/7
    http://www.openwall.com/lists/oss-security/2023/09/26/5
    http://www.openwall.com/lists/oss-security/2023/09/26/8
    http://www.openwall.com/lists/oss-security/2023/09/26/9
    http://www.openwall.com/lists/oss-security/2023/09/27/1
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.fedoraproject.org/archives/list/pac…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/10/03/9
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/1…
    http://www.openwall.com/lists/oss-security/2023/10/04/1
    http://www.openwall.com/lists/oss-security/2023/10/04/2
    http://www.openwall.com/lists/oss-security/2023/10/04/4
    http://www.openwall.com/lists/oss-security/2023/10/04/3
    https://lists.fedoraproject.org/archives/list/pac…
    https://lists.debian.org/debian-lts-announce/2023…
    https://security.netapp.com/advisory/ntap-2024053…
    Date Public
    2023-08-08 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5480"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5492"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://xenbits.xen.org/xsa/advisory-439.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20588",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:23:03.408701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:23:18.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "EPYC\u2122 7001 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T17:06:30.065Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5480"
            },
            {
              "url": "https://www.debian.org/security/2023/dsa-5492"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
            },
            {
              "url": "http://xenbits.xen.org/xsa/advisory-439.html"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7007",
            "discovery": "UNKNOWN"
          },
          "title": "Speculative Leaks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20588",
        "datePublished": "2023-08-08T17:06:30.065Z",
        "dateReserved": "2022-10-27T18:53:39.759Z",
        "dateUpdated": "2024-10-17T14:23:18.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20589 (GCVE-0-2023-20589)

    Vulnerability from cvelistv5 – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59
    VLAI
    Title
    fTPM Voltage Fault Injection
    Summary
    An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 3000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 4000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Ryzen™ PRO 5000 Series Desktop Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 2000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 3000 Series Processors Affected: various
    Create a notification for this product.
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 5000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 6000 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD Ryzen™ PRO 7030 Series Processors Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Date Public
    2023-08-08 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20589",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T15:54:27.796904Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T15:59:15.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
              "vendor": " ",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 5000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 6000 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 PRO 7030 Series Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": " ",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-08T17:04:17.854Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4005",
            "discovery": "UNKNOWN"
          },
          "title": "fTPM Voltage Fault Injection ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20589",
        "datePublished": "2023-08-08T17:04:17.854Z",
        "dateReserved": "2022-10-27T18:53:39.760Z",
        "dateUpdated": "2024-11-13T15:59:15.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12965 (GCVE-0-2020-12965)

    Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 22:40
    VLAI
    Summary
    When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.
    Severity
    No CVSS data available.
    CWE
    • TBD
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD All supported processors Affected: unspecified , < undefined (custom)
    Create a notification for this product.
    Date Public
    2021-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010"
              },
              {
                "name": "[oss-security] 20231205 SLAM: Spectre based on Linear Address Masking",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/05/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "All supported processors",
              "vendor": "AMD",
              "versions": [
                {
                  "lessThan": "undefined",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "TBD",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-06T03:06:18.982Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010"
            },
            {
              "name": "[oss-security] 20231205 SLAM: Spectre based on Linear Address Masking",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/12/05/3"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1010",
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2020-12965",
        "datePublished": "2022-02-04T22:29:13.634Z",
        "dateReserved": "2020-05-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:40:10.602Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }