
    66 vulnerabilities found for epyc_7002_firmware by amd

    CVE-2021-26371 (GCVE-0-2021-26371)

    Vulnerability from nvd – Published: 2023-05-09 18:59 – Updated: 2025-01-28 15:46
    Summary
    A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Affected: various
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Affected: various
    AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Affected: various
    AMD 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Chagall” WS Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    AMD Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Affected: various
    AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” Affected: various
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Date Public
    2023-05-09 16:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26371",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T15:45:57.811621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:46:02.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-05-09T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T18:59:16.122Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4001, AMD-SB-3001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26371",
        "datePublished": "2023-05-09T18:59:16.122Z",
        "dateReserved": "2021-01-29T21:24:26.152Z",
        "dateUpdated": "2025-01-28T15:46:02.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26356 (GCVE-0-2021-26356)

    Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:48
    Summary
    A TOCTOU in the ASP bootloader may allow an attacker to tamper with the SPI ROM after data has been read into memory, potentially resulting in S3 data corruption and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    AMD
    Date Public
    2023-05-09 16:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T15:48:34.459184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:48:38.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-05-09T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T18:58:48.108Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4001, AMD-SB-3001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26356",
        "datePublished": "2023-05-09T18:58:48.108Z",
        "dateReserved": "2021-01-29T21:24:26.149Z",
        "dateUpdated": "2025-01-28T15:48:38.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26354 (GCVE-0-2021-26354)

    Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:50
    Summary
    Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Affected: various
    AMD Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge” Affected: various
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Affected: various
    AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Affected: various
    AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Affected: Various
    AMD 2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” Affected: various
    AMD 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Chagall” WS Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    AMD Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Affected: various
    AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” Affected: various
    AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Affected: various
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” Affected: various
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Date Public
    2023-05-09 16:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T15:50:31.473767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:50:35.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-05-09T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T18:58:37.664Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4001, AMD-SB-3001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26354",
        "datePublished": "2023-05-09T18:58:37.664Z",
        "dateReserved": "2021-01-29T21:24:26.148Z",
        "dateUpdated": "2025-01-28T15:50:35.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20532 (GCVE-0-2023-20532)

    Vulnerability from nvd – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:33
    Summary
    Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:55:46.581295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:33:14.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20532",
        "datePublished": "2023-01-10T20:57:08.762Z",
        "dateReserved": "2022-10-27T18:53:39.739Z",
        "dateUpdated": "2025-04-07T18:33:14.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20531 (GCVE-0-2023-20531)

    Vulnerability from nvd – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:33
    Summary
    Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20531",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:56:38.825466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:33:55.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20531",
        "datePublished": "2023-01-10T20:57:07.471Z",
        "dateReserved": "2022-10-27T18:53:39.739Z",
        "dateUpdated": "2025-04-07T18:33:55.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20529 (GCVE-0-2023-20529)

    Vulnerability from nvd – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:34
    Summary
    Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20529",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:58:06.650420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:34:54.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20529",
        "datePublished": "2023-01-10T20:57:04.799Z",
        "dateReserved": "2022-10-27T18:53:39.738Z",
        "dateUpdated": "2025-04-07T18:34:54.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20528 (GCVE-0-2023-20528)

    Vulnerability from nvd – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:35
    Summary
    Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20528",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:58:44.299784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:35:25.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20528",
        "datePublished": "2023-01-10T20:57:03.392Z",
        "dateReserved": "2022-10-27T18:53:39.738Z",
        "dateUpdated": "2025-04-07T18:35:25.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20527 (GCVE-0-2023-20527)

    Vulnerability from nvd – Published: 2023-01-10 20:57 – Updated: 2025-04-07 15:47
    VLAI
    Summary
    Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.888Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:15:59.447266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T15:47:00.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.\u003cbr\u003e"
                }
              ],
              "value": "Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20527",
        "datePublished": "2023-01-10T20:57:02.034Z",
        "dateReserved": "2022-10-27T18:53:39.738Z",
        "dateUpdated": "2025-04-07T15:47:00.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20525 (GCVE-0-2023-20525)

    Vulnerability from nvd – Published: 2023-01-10 20:57 – Updated: 2025-04-07 15:47
    VLAI
    Summary
    Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:17:27.182176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T15:47:21.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20525",
        "datePublished": "2023-01-10T20:57:00.713Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2025-04-07T15:47:21.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20523 (GCVE-0-2023-20523)

    Vulnerability from nvd – Published: 2023-01-10 20:56 – Updated: 2025-04-07 15:47
    VLAI
    Summary
    TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.871Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:18:11.465497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T15:47:41.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.\u003cbr\u003e"
                }
              ],
              "value": "TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20523",
        "datePublished": "2023-01-10T20:56:59.383Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2025-04-07T15:47:41.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26403 (GCVE-0-2021-26403)

    Vulnerability from nvd – Published: 2023-01-10 20:56 – Updated: 2025-04-08 20:24
    VLAI
    Summary
    Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T20:23:12.551643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-345",
                    "description": "CWE-345 Insufficient Verification of Data Authenticity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T20:24:38.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26403",
        "datePublished": "2023-01-10T20:56:43.160Z",
        "dateReserved": "2021-01-29T21:24:26.169Z",
        "dateUpdated": "2025-04-08T20:24:38.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26402 (GCVE-0-2021-26402)

    Vulnerability from nvd – Published: 2023-01-10 20:56 – Updated: 2025-04-08 20:27
    VLAI
    Summary
    Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-787 - Out-of-bounds Write
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.169Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26402",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T20:26:11.401792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T20:27:13.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26402",
        "datePublished": "2023-01-10T20:56:41.784Z",
        "dateReserved": "2021-01-29T21:24:26.169Z",
        "dateUpdated": "2025-04-08T20:27:13.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26398 (GCVE-0-2021-26398)

    Vulnerability from nvd – Published: 2023-01-10 20:56 – Updated: 2025-04-09 14:38
    VLAI
    Summary
    Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-787 - Out-of-bounds Write
    Assigner
    AMD
    References
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:37:21.765798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:38:06.009Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26398",
        "datePublished": "2023-01-10T20:56:40.452Z",
        "dateReserved": "2021-01-29T21:24:26.167Z",
        "dateUpdated": "2025-04-09T14:38:06.009Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26316 (GCVE-0-2021-26316)

    Vulnerability from nvd – Published: 2023-01-10 19:46 – Updated: 2025-04-09 15:19
    VLAI
    Summary
    Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:18:38.823141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:19:17.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 2000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 3000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
                }
              ],
              "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031, AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26316",
        "datePublished": "2023-01-10T19:46:46.575Z",
        "dateReserved": "2021-01-29T21:24:26.137Z",
        "dateUpdated": "2025-04-09T15:19:17.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23824 (GCVE-0-2022-23824)

    Vulnerability from nvd – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Date Public
    2022-11-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "FEDORA-2022-9f51d13fa3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
              },
              {
                "name": "FEDORA-2022-53a4a5dd11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
              },
              {
                "name": "DSA-5378",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5378"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-17T01:23:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "FEDORA-2022-9f51d13fa3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
            },
            {
              "name": "FEDORA-2022-53a4a5dd11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
            },
            {
              "name": "DSA-5378",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5378"
            },
            {
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23824",
        "datePublished": "2022-11-09T20:48:06.826Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:23.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26371 (GCVE-0-2021-26371)

    Vulnerability from cvelistv5 – Published: 2023-05-09 18:59 – Updated: 2025-01-28 15:46
    VLAI
    Summary
    A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Affected: various
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Affected: various
    AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Affected: various
    AMD 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Chagall” WS Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    AMD Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Affected: various
    AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” Affected: various
    AMD 1st Gen AMD EPYC™ Processors Affected: various
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Date Public
    2023-05-09 16:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26371",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T15:45:57.811621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:46:02.389Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-05-09T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T18:59:16.122Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4001, AMD-SB-3001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26371",
        "datePublished": "2023-05-09T18:59:16.122Z",
        "dateReserved": "2021-01-29T21:24:26.152Z",
        "dateUpdated": "2025-01-28T15:46:02.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26356 (GCVE-0-2021-26356)

    Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:48
    VLAI
    Summary
    A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    AMD
    Date Public
    2023-05-09 16:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.804Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T15:48:34.459184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:48:38.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-05-09T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T18:58:48.108Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4001, AMD-SB-3001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26356",
        "datePublished": "2023-05-09T18:58:48.108Z",
        "dateReserved": "2021-01-29T21:24:26.149Z",
        "dateUpdated": "2025-01-28T15:48:38.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26354 (GCVE-0-2021-26354)

    Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:50
    VLAI
    Summary
    Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 Affected: various
    AMD Ryzen™ 2000 Series Desktop Processors “Pinnacle Ridge” Affected: various
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 Affected: various
    AMD AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 Affected: various
    AMD Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 Affected: Various
    AMD 2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” Affected: various
    AMD 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS Affected: various
    AMD Ryzen™ Threadripper™ PRO Processors “Chagall” WS Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP Affected: various
    AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” Affected: various
    AMD Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 Affected: various
    AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” Affected: various
    AMD Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” Affected: various
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    AMD Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” Affected: various
    AMD 2nd Gen AMD EPYC™ Processors Affected: various
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Date Public
    2023-05-09 16:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26354",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T15:50:31.473767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T15:50:35.057Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series Desktop Processors \u201cPinnacle Ridge\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cColfax\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-05-09T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T18:58:37.664Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4001, AMD-SB-3001",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26354",
        "datePublished": "2023-05-09T18:58:37.664Z",
        "dateReserved": "2021-01-29T21:24:26.148Z",
        "dateUpdated": "2025-01-28T15:50:35.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20532 (GCVE-0-2023-20532)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:33
    VLAI
    Summary
    Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:55:46.581295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:33:14.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20532",
        "datePublished": "2023-01-10T20:57:08.762Z",
        "dateReserved": "2022-10-27T18:53:39.739Z",
        "dateUpdated": "2025-04-07T18:33:14.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20531 (GCVE-0-2023-20531)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:33
    Summary
    Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20531",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:56:38.825466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:33:55.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20531",
        "datePublished": "2023-01-10T20:57:07.471Z",
        "dateReserved": "2022-10-27T18:53:39.739Z",
        "dateUpdated": "2025-04-07T18:33:55.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20529 (GCVE-0-2023-20529)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:34
    Summary
    Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.240Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20529",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:58:06.650420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:34:54.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20529",
        "datePublished": "2023-01-10T20:57:04.799Z",
        "dateReserved": "2022-10-27T18:53:39.738Z",
        "dateUpdated": "2025-04-07T18:34:54.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20528 (GCVE-0-2023-20528)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:57 – Updated: 2025-04-07 18:35
    Summary
    Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.4,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20528",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:58:44.299784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T18:35:25.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20528",
        "datePublished": "2023-01-10T20:57:03.392Z",
        "dateReserved": "2022-10-27T18:53:39.738Z",
        "dateUpdated": "2025-04-07T18:35:25.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20527 (GCVE-0-2023-20527)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:57 – Updated: 2025-04-07 15:47
    Summary
    Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.888Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:15:59.447266Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T15:47:00.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.\u003cbr\u003e"
                }
              ],
              "value": "Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20527",
        "datePublished": "2023-01-10T20:57:02.034Z",
        "dateReserved": "2022-10-27T18:53:39.738Z",
        "dateUpdated": "2025-04-07T15:47:00.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20525 (GCVE-0-2023-20525)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:57 – Updated: 2025-04-07 15:47
    Summary
    Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20525",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:17:27.182176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T15:47:21.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20525",
        "datePublished": "2023-01-10T20:57:00.713Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2025-04-07T15:47:21.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20523 (GCVE-0-2023-20523)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:56 – Updated: 2025-04-07 15:47
    VLAI
    Summary
    TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.871Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20523",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T15:18:11.465497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T15:47:41.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.\u003cbr\u003e"
                }
              ],
              "value": "TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20523",
        "datePublished": "2023-01-10T20:56:59.383Z",
        "dateReserved": "2022-10-27T18:53:39.737Z",
        "dateUpdated": "2025-04-07T15:47:41.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26403 (GCVE-0-2021-26403)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:56 – Updated: 2025-04-08 20:24
    VLAI
    Summary
    Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-345 - Insufficient Verification of Data Authenticity
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T20:23:12.551643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-345",
                    "description": "CWE-345 Insufficient Verification of Data Authenticity",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T20:24:38.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26403",
        "datePublished": "2023-01-10T20:56:43.160Z",
        "dateReserved": "2021-01-29T21:24:26.169Z",
        "dateUpdated": "2025-04-08T20:24:38.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26402 (GCVE-0-2021-26402)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:56 – Updated: 2025-04-08 20:27
    VLAI
    Summary
    Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions, which may lead to a potential loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-787 - Out-of-bounds Write
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.169Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26402",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T20:26:11.401792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T20:27:13.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26402",
        "datePublished": "2023-01-10T20:56:41.784Z",
        "dateReserved": "2021-01-29T21:24:26.169Z",
        "dateUpdated": "2025-04-08T20:27:13.237Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26398 (GCVE-0-2021-26398)

    Vulnerability from cvelistv5 – Published: 2023-01-10 20:56 – Updated: 2025-04-09 14:38
    VLAI
    Summary
    Insufficient input validation in the SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory, which may lead to potential arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-787 - Out-of-bounds Write
    Assigner
    AMD
    References
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:37:21.765798Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:38:06.009Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26398",
        "datePublished": "2023-01-10T20:56:40.452Z",
        "dateReserved": "2021-01-29T21:24:26.167Z",
        "dateUpdated": "2025-04-09T14:38:06.009Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26316 (GCVE-0-2021-26316)

    Vulnerability from cvelistv5 – Published: 2023-01-10 19:46 – Updated: 2025-04-09 15:19
    VLAI
    Summary
    Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    Date Public
    2023-01-10 17:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:18:38.823141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:19:17.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 2000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 3000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
                }
              ],
              "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031, AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26316",
        "datePublished": "2023-01-10T19:46:46.575Z",
        "dateReserved": "2021-01-29T21:24:26.137Z",
        "dateUpdated": "2025-04-09T15:19:17.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23824 (GCVE-0-2022-23824)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
    Summary
    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Date Public
    2022-11-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "FEDORA-2022-9f51d13fa3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
              },
              {
                "name": "FEDORA-2022-53a4a5dd11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
              },
              {
                "name": "DSA-5378",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5378"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-17T01:23:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "FEDORA-2022-9f51d13fa3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
            },
            {
              "name": "FEDORA-2022-53a4a5dd11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
            },
            {
              "name": "DSA-5378",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5378"
            },
            {
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23824",
        "datePublished": "2022-11-09T20:48:06.826Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:23.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }