Search
Find a vulnerability
Search criteria
32 vulnerabilities found for epyc_9274f_firmware by amd
CVE-2023-20591 (GCVE-0-2023-20591)
Vulnerability from nvd – Published: 2024-08-13 16:53 – Updated: 2025-03-13 16:41
VLAI
Summary
Improper re-initialization of IOMMU during the DRTM event
may permit an untrusted platform configuration to persist, allowing an attacker
to read or modify hypervisor memory, potentially resulting in loss of
confidentiality, integrity, and availability.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-665 - Improper Initialization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors |
Unaffected:
MilanPI 1.0.0.B
(PI)
|
|
| AMD | AMD EPYC™ 9004 Series Processors |
Unaffected:
Genoa 1.0.0.8
|
|
| AMD | AMD EPYC™ Embedded 7003 Series Processors |
Unaffected:
EmbMilanPI-SP3 1.0.0.7
|
|
| AMD | AMD EPYC™ Embedded 9003 Series Processors |
Unaffected:
EmbGenoaPI-SP5 1.0.0.3
|
|
| amd | epyc_7003_firmware |
Affected:
0 , < milanpi_1.0.0.b
(custom)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_9003_firmware |
Affected:
0 , < genoapi_1.0.0.8
(custom)
cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_7773x_firmware |
Affected:
0 , < milanpi_1.0.0.b
(custom)
cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:* |
|
| amd | epyc_9754s_firmware |
Affected:
0 , < genoapi_1.0.0.8
(custom)
cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.b",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7773x_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.b",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9754s_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:13:17.696799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:41:15.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Genoa 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.3"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability.\n\n\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Improper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:53:23.681Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20591",
"datePublished": "2024-08-13T16:53:23.681Z",
"dateReserved": "2022-10-27T18:53:39.761Z",
"dateUpdated": "2025-03-13T16:41:15.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20584 (GCVE-0-2023-20584)
Vulnerability from nvd – Published: 2024-08-13 16:53 – Updated: 2024-11-05 21:40
VLAI
Summary
IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
(PI)
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.B
|
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:31:27.946120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:40:37.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised \u003ca target=\"_blank\" rel=\"nofollow\"\u003eHypervisor \u003c/a\u003eto\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:53:18.373Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20584",
"datePublished": "2024-08-13T16:53:18.373Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-11-05T21:40:37.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from nvd – Published: 2024-08-13 16:52 – Updated: 2025-03-18 20:03
VLAI
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
NaplesPI 1.0.0.K
(PI)
|
|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
RomePI 1.0.0.G
|
|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.B
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.2
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
ComboAM5 1.0.0.1
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.7
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6 1.0.0.0
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Unaffected:
SnowyOwl PI 1.1.0.A
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Unaffected:
EmbRomePI-SP3 1.0.0.A
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Unaffected:
EmbMilanPI-SP3 1.0.0.7
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Unaffected:
EmbGenoaPI-SP5 1.0.0.0
|
|
| AMD | AMD Ryzen™ Embedded 7000 |
Unaffected:
EmbeddedAM5PI 1.0.0.0
|
|
| AMD | AMD RyzenTM Embedded V3000 |
Unaffected:
EmbeddedPI-FP7r2 1.0.0.8
|
|
| amd | epyc_7001 |
Unaffected:
1.0.0.k
cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* |
|
| amd | epyc_7002 |
Unaffected:
1.0.0.g
cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:* |
|
| amd | epyc_9004 |
Unaffected:
1.0.0.2
cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_3000 |
Unaffected:
1.1.0.a
cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7002 |
Unaffected:
1.0.0.a
cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7003 |
Unaffected:
1.0.0.7
cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_9003 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_7000 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_v3000 |
Unaffected:
1.0.0.8
cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:* |
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7001",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.k"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.g"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9004",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.1.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_9003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_7000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T15:56:35.845479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:03:43.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:58.457Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20578",
"datePublished": "2024-08-13T16:52:58.457Z",
"dateReserved": "2022-10-27T18:53:39.757Z",
"dateUpdated": "2025-03-18T20:03:43.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21980 (GCVE-0-2024-21980)
Vulnerability from nvd – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00
VLAI
Summary
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
Severity
7.9 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.amd.com/en/resources/product-… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various , < MilanPI 1.0.0.D
(Platform Initialization)
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various , < GenoaPI 1.0.0.C
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various , < EmbMilanPI-SP3 1.0.0.9
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various , < EmbGenoaPI-SP5 1.0.0.7
(Platform Initialization)
|
|
| amd | epyc_7003_firmware |
Affected:
0 , < milanpi_1.0.0.9_sp3
(custom)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_9003_firmware |
Affected:
0 , < genoapi_1.0.0.7_sp5
(custom)
cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_7773x_firmware |
Affected:
0 , < milanpi_1.0.0.d
(custom)
cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:* |
|
| amd | epyc_9754s_firmware |
Affected:
0 , < genoapi_1.0.0.c
(custom)
cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-05 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.9_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.7_sp5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7773x_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.d",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9754s_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.c",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:52:33.557459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T21:00:57.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI 1.0.0.D",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "GenoaPI 1.0.0.C",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbMilanPI-SP3 1.0.0.9",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbGenoaPI-SP5 1.0.0.7",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
}
],
"datePublic": "2024-08-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:06:36.216Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21980",
"datePublished": "2024-08-05T16:06:36.216Z",
"dateReserved": "2024-01-03T16:43:30.197Z",
"dateUpdated": "2024-08-05T21:00:57.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21978 (GCVE-0-2024-21978)
Vulnerability from nvd – Published: 2024-08-05 16:05 – Updated: 2024-08-05 17:36
VLAI
Summary
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.amd.com/en/resources/product-… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various , < MilanPI 1.0.0.D
(Platform Initialization)
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various , < GenoaPI 1.0.0.C
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various , < EmbMilanPI-SP3 1.0.0.9
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various , < EmbGenoaPI-SP5 1.0.0.7
(Platform Initialization)
|
|
| amd | epyc_7003_firmware |
Affected:
0 , < milanpi_1.0.0.9_sp3
(custom)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_9003_firmware |
Affected:
0 , < genoapi_1.0.0.7_sp5
(custom)
cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_7773x_firmware |
Affected:
0 , < milanpi_1.0.0.d
(custom)
cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:* |
|
| amd | epyc_9754s_firmware |
Affected:
0 , < genoapi_1.0.0.c
(custom)
cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-05 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.9_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.7_sp5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7773x_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.d",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9754s_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.c",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:01:18.171419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:36:02.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI 1.0.0.D",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "GenoaPI 1.0.0.C",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbMilanPI-SP3 1.0.0.9",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbGenoaPI-SP5 1.0.0.7",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
}
],
"datePublic": "2024-08-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:05:34.019Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21978",
"datePublished": "2024-08-05T16:05:34.019Z",
"dateReserved": "2024-01-03T16:43:30.197Z",
"dateUpdated": "2024-08-05T17:36:02.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31355 (GCVE-0-2023-31355)
Vulnerability from nvd – Published: 2024-08-05 16:04 – Updated: 2024-08-06 14:58
VLAI
Summary
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.amd.com/en/resources/product-… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various , < MilanPI 1.0.0.D
(Platform Initialization)
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various , < GenoaPI 1.0.0.C
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various , < EmbMilanPI-SP3 1.0.0.9
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various , < EmbGenoaPI-SP5 1.0.0.7
(Platform Initialization)
|
Date Public
2024-08-05 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:07:12.426239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:58:40.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI 1.0.0.D",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "GenoaPI 1.0.0.C",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbMilanPI-SP3 1.0.0.9",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbGenoaPI-SP5 1.0.0.7",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
}
],
"datePublic": "2024-08-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:24.813Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31355",
"datePublished": "2024-08-05T16:04:24.813Z",
"dateReserved": "2023-04-27T15:25:41.428Z",
"dateUpdated": "2024-08-06T14:58:40.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31347 (GCVE-0-2023-31347)
Vulnerability from nvd – Published: 2024-02-13 19:18 – Updated: 2025-03-17 17:46
VLAI
Summary
Due to a code bug in
Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a
guest to observe an incorrect TSC when Secure TSC is enabled potentially
resulting in a loss of guest integrity.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-682 - Incorrect Calculation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2024-02-14 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:50:42.676211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T17:46:05.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2024-02-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u0026nbsp;\n\n\n\n\u003cbr\u003e"
}
],
"value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:18:51.045Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"source": {
"advisory": "AMD-SB-3007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31347",
"datePublished": "2024-02-13T19:18:51.045Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2025-03-17T17:46:05.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31346 (GCVE-0-2023-31346)
Vulnerability from nvd – Published: 2024-02-13 19:18 – Updated: 2025-03-20 20:27
VLAI
Summary
Failure to initialize
memory in SEV Firmware may allow a privileged attacker to access stale data
from other guests.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2024-02-13 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:06:47.743045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T20:27:50.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2024-02-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:18:21.462Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"source": {
"advisory": "AMD-SB-3007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31346",
"datePublished": "2024-02-13T19:18:19.089Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2025-03-20T20:27:50.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20573 (GCVE-0-2023-20573)
Vulnerability from nvd – Published: 2024-01-11 13:53 – Updated: 2025-06-20 16:12
VLAI
Title
Debug Exception Delivery in Secure Nested Paging
Summary
A privileged attacker
can prevent delivery of debug exceptions to SEV-SNP guests potentially
resulting in guests not receiving expected debug information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
Various
|
Date Public
2024-01-09 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T20:36:55.598699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T16:12:15.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
}
],
"datePublic": "2024-01-09T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
}
],
"value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T13:53:52.581Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
}
],
"source": {
"advisory": "AMD-SB-3004",
"discovery": "UNKNOWN"
},
"title": "Debug Exception Delivery in Secure Nested Paging",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20573",
"datePublished": "2024-01-11T13:53:52.581Z",
"dateReserved": "2022-10-27T18:53:39.755Z",
"dateUpdated": "2025-06-20T16:12:15.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20566 (GCVE-0-2023-20566)
Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
VLAI
Summary
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-27T20:58:09.078592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:26:45.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:36:52.542Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
}
],
"source": {
"advisory": "AMD-SB-3002",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20566",
"datePublished": "2023-11-14T18:54:00.908Z",
"dateReserved": "2022-10-27T18:53:39.753Z",
"dateUpdated": "2024-12-03T14:26:45.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23830 (GCVE-0-2022-23830)
Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-03 03:51
VLAI
Summary
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPY™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPY\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:41:52.383Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23830",
"datePublished": "2023-11-14T18:53:28.408Z",
"dateReserved": "2022-01-21T17:20:55.781Z",
"dateUpdated": "2024-08-03T03:51:45.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46774 (GCVE-0-2021-46774)
Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
VLAI
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:52.542045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:31:43.449Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46774",
"datePublished": "2023-11-14T18:52:11.012Z",
"dateReserved": "2022-03-31T16:50:27.874Z",
"dateUpdated": "2024-10-11T18:07:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46766 (GCVE-0-2021-46766)
Vulnerability from nvd – Published: 2023-11-14 18:51 – Updated: 2024-08-04 05:17
VLAI
Summary
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
Severity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.\u003cbr\u003e"
}
],
"value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:40:54.027Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46766",
"datePublished": "2023-11-14T18:51:58.036Z",
"dateReserved": "2022-03-31T16:50:27.871Z",
"dateUpdated": "2024-08-04T05:17:42.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26345 (GCVE-0-2021-26345)
Vulnerability from nvd – Published: 2023-11-14 18:53 – Updated: 2024-08-03 20:26
VLAI
Summary
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:38:22.990Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-3002, AMD-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26345",
"datePublished": "2023-11-14T18:53:20.979Z",
"dateReserved": "2021-01-29T21:24:26.145Z",
"dateUpdated": "2024-08-03T20:26:24.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20569 (GCVE-0-2023-20569)
Vulnerability from nvd – Published: 2023-08-08 17:02 – Updated: 2024-09-23 03:18
VLAI
Summary
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Severity
No CVSS data available.
Assigner
References
12 references
Impacted products
26 products
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T03:18:32.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-434.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://comsec.ethz.ch/research/microarch/inception/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5475"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
"vendor": " ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 6000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": " 1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:02:11.318Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-434.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
},
{
"url": "https://comsec.ethz.ch/research/microarch/inception/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5475"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
}
],
"source": {
"advisory": "AMD-SB-7005",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20569",
"datePublished": "2023-08-08T17:02:11.318Z",
"dateReserved": "2022-10-27T18:53:39.754Z",
"dateUpdated": "2024-09-23T03:18:32.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20591 (GCVE-0-2023-20591)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:53 – Updated: 2025-03-13 16:41
VLAI
Summary
Improper re-initialization of IOMMU during the DRTM event
may permit an untrusted platform configuration to persist, allowing an attacker
to read or modify hypervisor memory, potentially resulting in loss of
confidentiality, integrity, and availability.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-665 - Improper Initialization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Series Processors |
Unaffected:
MilanPI 1.0.0.B
(PI)
|
|
| AMD | AMD EPYC™ 9004 Series Processors |
Unaffected:
Genoa 1.0.0.8
|
|
| AMD | AMD EPYC™ Embedded 7003 Series Processors |
Unaffected:
EmbMilanPI-SP3 1.0.0.7
|
|
| AMD | AMD EPYC™ Embedded 9003 Series Processors |
Unaffected:
EmbGenoaPI-SP5 1.0.0.3
|
|
| amd | epyc_7003_firmware |
Affected:
0 , < milanpi_1.0.0.b
(custom)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_9003_firmware |
Affected:
0 , < genoapi_1.0.0.8
(custom)
cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_7773x_firmware |
Affected:
0 , < milanpi_1.0.0.b
(custom)
cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:* |
|
| amd | epyc_9754s_firmware |
Affected:
0 , < genoapi_1.0.0.8
(custom)
cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.b",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7773x_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.b",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9754s_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T13:13:17.696799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T16:41:15.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "Genoa 1.0.0.8"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.3"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability.\n\n\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "Improper re-initialization of IOMMU during the DRTM event\nmay permit an untrusted platform configuration to persist, allowing an attacker\nto read or modify hypervisor memory, potentially resulting in loss of\nconfidentiality, integrity, and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:53:23.681Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20591",
"datePublished": "2024-08-13T16:53:23.681Z",
"dateReserved": "2022-10-27T18:53:39.761Z",
"dateUpdated": "2025-03-13T16:41:15.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20584 (GCVE-0-2023-20584)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:53 – Updated: 2024-11-05 21:40
VLAI
Summary
IOMMU improperly handles certain special address
ranges with invalid device table entries (DTEs), which may allow an attacker
with privileges and a compromised Hypervisor to
induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a
loss of guest integrity.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.C
(PI)
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.B
|
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T17:31:27.946120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:40:37.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.C",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.B"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised \u003ca target=\"_blank\" rel=\"nofollow\"\u003eHypervisor \u003c/a\u003eto\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\n\n\u003cdiv\u003e\n\n\n\n\n\n\u003cdiv\u003e\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\n\n\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "IOMMU improperly handles certain special address\nranges with invalid device table entries (DTEs), which may allow an attacker\nwith privileges and a compromised Hypervisor to\ninduce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a\nloss of guest integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:53:18.373Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20584",
"datePublished": "2024-08-13T16:53:18.373Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-11-05T21:40:37.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20578 (GCVE-0-2023-20578)
Vulnerability from cvelistv5 – Published: 2024-08-13 16:52 – Updated: 2025-03-18 20:03
VLAI
Summary
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrary code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | vendor-advisory |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD EPYC™ 7001 Processors |
Unaffected:
NaplesPI 1.0.0.K
(PI)
|
|
| AMD | AMD EPYC™ 7002 Processors |
Unaffected:
RomePI 1.0.0.G
|
|
| AMD | AMD EPYC™ 7003 Processors |
Unaffected:
MilanPI 1.0.0.B
|
|
| AMD | AMD EPYC™ 9004 Processors |
Unaffected:
GenoaPI 1.0.0.2
|
|
| AMD | AMD Ryzen™ 7000 Series Desktop Processors |
Unaffected:
ComboAM5 1.0.0.1
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 5000WX Processors |
Unaffected:
ChagallWSPI-sWRX8 1.0.0.7
|
|
| AMD | AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics |
Unaffected:
MendocinoPI-FT6 1.0.0.0
|
|
| AMD | AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
Unaffected:
RembrandtPI-FP7 1.0.0.9b
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Unaffected:
SnowyOwl PI 1.1.0.A
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Unaffected:
EmbRomePI-SP3 1.0.0.A
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Unaffected:
EmbMilanPI-SP3 1.0.0.7
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Unaffected:
EmbGenoaPI-SP5 1.0.0.0
|
|
| AMD | AMD Ryzen™ Embedded 7000 |
Unaffected:
EmbeddedAM5PI 1.0.0.0
|
|
| AMD | AMD RyzenTM Embedded V3000 |
Unaffected:
EmbeddedPI-FP7r2 1.0.0.8
|
|
| amd | epyc_7001 |
Unaffected:
1.0.0.k
cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* |
|
| amd | epyc_7002 |
Unaffected:
1.0.0.g
cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:* |
|
| amd | epyc_9004 |
Unaffected:
1.0.0.2
cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_3000 |
Unaffected:
1.1.0.a
cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7002 |
Unaffected:
1.0.0.a
cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_7003 |
Unaffected:
1.0.0.7
cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:* |
|
| amd | epyc_embedded_9003 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_7000 |
Unaffected:
1.0.0.0
cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:* |
|
| amd | ryzen_embedded_v3000 |
Unaffected:
1.0.0.8
cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:* |
Date Public
2024-08-13 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7001",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.k"
}
]
},
{
"cpes": [
"cpe:2.3:h:amd:epyc_7002:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.g"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_9004:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9004",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.1.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7002:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7002",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.a"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_7003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_7003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:epyc_embedded_9003:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_embedded_9003",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_7000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_7000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:amd:ryzen_embedded_v3000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ryzen_embedded_v3000",
"vendor": "amd",
"versions": [
{
"status": "unaffected",
"version": "1.0.0.8"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T15:56:35.845479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:03:43.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"product": "AMD EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "NaplesPI 1.0.0.K",
"versionType": "PI"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RomePI 1.0.0.G"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7003 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MilanPI 1.0.0.B"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 9004 Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "GenoaPI 1.0.0.2"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM5 1.0.0.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RembrandtPI-FP7 1.0.0.9b"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "SnowyOwl PI 1.1.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbRomePI-SP3 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbMilanPI-SP3 1.0.0.7"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbGenoaPI-SP5 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded 7000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedAM5PI 1.0.0.0"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD RyzenTM Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP7r2 1.0.0.8"
}
]
}
],
"datePublic": "2024-08-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications \u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\"\u003ebuffer\u0026nbsp;\u003c/a\u003epotentially\nresulting in arbitrary code execution.\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\n\n\n\n\u003c/span\u003e"
}
],
"value": "A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow\nan attacker with ring0 privileges and access to the\nBIOS menu or UEFI shell to modify the communications buffer\u00a0potentially\nresulting in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T16:52:58.457Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20578",
"datePublished": "2024-08-13T16:52:58.457Z",
"dateReserved": "2022-10-27T18:53:39.757Z",
"dateUpdated": "2025-03-18T20:03:43.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21980 (GCVE-0-2024-21980)
Vulnerability from cvelistv5 – Published: 2024-08-05 16:06 – Updated: 2024-08-05 21:00
VLAI
Summary
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
Severity
7.9 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.amd.com/en/resources/product-… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various , < MilanPI 1.0.0.D
(Platform Initialization)
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various , < GenoaPI 1.0.0.C
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various , < EmbMilanPI-SP3 1.0.0.9
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various , < EmbGenoaPI-SP5 1.0.0.7
(Platform Initialization)
|
|
| amd | epyc_7003_firmware |
Affected:
0 , < milanpi_1.0.0.9_sp3
(custom)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_9003_firmware |
Affected:
0 , < genoapi_1.0.0.7_sp5
(custom)
cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_7773x_firmware |
Affected:
0 , < milanpi_1.0.0.d
(custom)
cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:* |
|
| amd | epyc_9754s_firmware |
Affected:
0 , < genoapi_1.0.0.c
(custom)
cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-05 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.9_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.7_sp5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7773x_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.d",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9754s_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.c",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:52:33.557459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T21:00:57.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI 1.0.0.D",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "GenoaPI 1.0.0.C",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbMilanPI-SP3 1.0.0.9",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbGenoaPI-SP5 1.0.0.7",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
}
],
"datePublic": "2024-08-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest\u0027s memory or UMC seed resulting in loss of confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:06:36.216Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21980",
"datePublished": "2024-08-05T16:06:36.216Z",
"dateReserved": "2024-01-03T16:43:30.197Z",
"dateUpdated": "2024-08-05T21:00:57.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21978 (GCVE-0-2024-21978)
Vulnerability from cvelistv5 – Published: 2024-08-05 16:05 – Updated: 2024-08-05 17:36
VLAI
Summary
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.amd.com/en/resources/product-… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various , < MilanPI 1.0.0.D
(Platform Initialization)
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various , < GenoaPI 1.0.0.C
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various , < EmbMilanPI-SP3 1.0.0.9
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various , < EmbGenoaPI-SP5 1.0.0.7
(Platform Initialization)
|
|
| amd | epyc_7003_firmware |
Affected:
0 , < milanpi_1.0.0.9_sp3
(custom)
cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_9003_firmware |
Affected:
0 , < genoapi_1.0.0.7_sp5
(custom)
cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:* |
|
| amd | epyc_7773x_firmware |
Affected:
0 , < milanpi_1.0.0.d
(custom)
cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:* |
|
| amd | epyc_9754s_firmware |
Affected:
0 , < genoapi_1.0.0.c
(custom)
cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-05 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:amd:epyc_7003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.9_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_9003_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9003_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.7_sp5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_7203_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7203p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_72f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7303p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7313p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7343_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7373x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7413_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7443p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7453_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7473x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_74f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7513_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7543_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7573x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_75f3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7643p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7663p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7713p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7763_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_7773x_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_7773x_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "milanpi_1.0.0.d",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:amd:epyc_8024p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8024pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8124pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8224pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8324pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8434pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_8534pn_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9124_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9174f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9184x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9224_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9254_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9274f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9334_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9354p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9374f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9384x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9454p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9474f_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9534_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9554p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9634_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9654p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9684x_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9734_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:amd:epyc_9754s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epyc_9754s_firmware",
"vendor": "amd",
"versions": [
{
"lessThan": "genoapi_1.0.0.c",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:01:18.171419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:36:02.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI 1.0.0.D",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "GenoaPI 1.0.0.C",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbMilanPI-SP3 1.0.0.9",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbGenoaPI-SP5 1.0.0.7",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
}
],
"datePublic": "2024-08-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:05:34.019Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2024-21978",
"datePublished": "2024-08-05T16:05:34.019Z",
"dateReserved": "2024-01-03T16:43:30.197Z",
"dateUpdated": "2024-08-05T17:36:02.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31355 (GCVE-0-2023-31355)
Vulnerability from cvelistv5 – Published: 2024-08-05 16:04 – Updated: 2024-08-06 14:58
VLAI
Summary
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://https://www.amd.com/en/resources/product-… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various , < MilanPI 1.0.0.D
(Platform Initialization)
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various , < GenoaPI 1.0.0.C
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various , < EmbMilanPI-SP3 1.0.0.9
(Platform Initialization)
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various , < EmbGenoaPI-SP5 1.0.0.7
(Platform Initialization)
|
Date Public
2024-08-05 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:07:12.426239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:58:40.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "MilanPI 1.0.0.D",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"lessThan": "GenoaPI 1.0.0.C",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbMilanPI-SP3 1.0.0.9",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"lessThan": "EmbGenoaPI-SP5 1.0.0.7",
"status": "affected",
"version": "various",
"versionType": "Platform Initialization"
}
]
}
],
"datePublic": "2024-08-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest\u0027s UMC seed potentially allowing reading of memory from a decommissioned guest."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:24.813Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3011.html"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31355",
"datePublished": "2024-08-05T16:04:24.813Z",
"dateReserved": "2023-04-27T15:25:41.428Z",
"dateUpdated": "2024-08-06T14:58:40.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31347 (GCVE-0-2023-31347)
Vulnerability from cvelistv5 – Published: 2024-02-13 19:18 – Updated: 2025-03-17 17:46
VLAI
Summary
Due to a code bug in
Secure_TSC, SEV firmware may allow an attacker with high privileges to cause a
guest to observe an incorrect TSC when Secure TSC is enabled potentially
resulting in a loss of guest integrity.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-682 - Incorrect Calculation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2024-02-14 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:31.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:50:42.676211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T17:46:05.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2024-02-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u0026nbsp;\n\n\n\n\u003cbr\u003e"
}
],
"value": "Due to a code bug in\nSecure_TSC, SEV firmware may allow an attacker with high privileges to cause a\nguest to observe an incorrect TSC when Secure TSC is enabled potentially\nresulting in a loss of guest integrity. \u00a0\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:18:51.045Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"source": {
"advisory": "AMD-SB-3007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31347",
"datePublished": "2024-02-13T19:18:51.045Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2025-03-17T17:46:05.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31346 (GCVE-0-2023-31346)
Vulnerability from cvelistv5 – Published: 2024-02-13 19:18 – Updated: 2025-03-20 20:27
VLAI
Summary
Failure to initialize
memory in SEV Firmware may allow a privileged attacker to access stale data
from other guests.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2024-02-13 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:06:47.743045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T20:27:50.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2024-02-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:18:21.462Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007"
}
],
"source": {
"advisory": "AMD-SB-3007",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-31346",
"datePublished": "2024-02-13T19:18:19.089Z",
"dateReserved": "2023-04-27T15:25:41.427Z",
"dateUpdated": "2025-03-20T20:27:50.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20573 (GCVE-0-2023-20573)
Vulnerability from cvelistv5 – Published: 2024-01-11 13:53 – Updated: 2025-06-20 16:12
VLAI
Title
Debug Exception Delivery in Secure Nested Paging
Summary
A privileged attacker
can prevent delivery of debug exceptions to SEV-SNP guests potentially
resulting in guests not receiving expected debug information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
Various
|
Date Public
2024-01-09 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20573",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T20:36:55.598699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T16:12:15.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
}
],
"datePublic": "2024-01-09T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
}
],
"value": "A privileged attacker\ncan prevent delivery of debug exceptions to SEV-SNP guests potentially\nresulting in guests not receiving expected debug information.\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T13:53:52.581Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3006"
}
],
"source": {
"advisory": "AMD-SB-3004",
"discovery": "UNKNOWN"
},
"title": "Debug Exception Delivery in Secure Nested Paging",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20573",
"datePublished": "2024-01-11T13:53:52.581Z",
"dateReserved": "2022-10-27T18:53:39.755Z",
"dateUpdated": "2025-06-20T16:12:15.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20566 (GCVE-0-2023-20566)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
VLAI
Summary
Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-27T20:58:09.078592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:26:45.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:36:52.542Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
}
],
"source": {
"advisory": "AMD-SB-3002",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20566",
"datePublished": "2023-11-14T18:54:00.908Z",
"dateReserved": "2022-10-27T18:53:39.753Z",
"dateUpdated": "2024-12-03T14:26:45.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23830 (GCVE-0-2022-23830)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:53 – Updated: 2024-08-03 03:51
VLAI
Summary
SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPY™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPY\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:41:52.383Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23830",
"datePublished": "2023-11-14T18:53:28.408Z",
"dateReserved": "2022-01-21T17:20:55.781Z",
"dateUpdated": "2024-08-03T03:51:45.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26345 (GCVE-0-2021-26345)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:53 – Updated: 2024-08-03 20:26
VLAI
Summary
Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:38:22.990Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-3002, AMD-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26345",
"datePublished": "2023-11-14T18:53:20.979Z",
"dateReserved": "2021-01-29T21:24:26.145Z",
"dateUpdated": "2024-08-03T20:26:24.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46774 (GCVE-0-2021-46774)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
VLAI
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:52.542045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:31:43.449Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46774",
"datePublished": "2023-11-14T18:52:11.012Z",
"dateReserved": "2022-03-31T16:50:27.874Z",
"dateUpdated": "2024-10-11T18:07:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46766 (GCVE-0-2021-46766)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:51 – Updated: 2024-08-04 05:17
VLAI
Summary
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
Severity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 9003 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 9003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.\u003cbr\u003e"
}
],
"value": "Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:40:54.027Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46766",
"datePublished": "2023-11-14T18:51:58.036Z",
"dateReserved": "2022-03-31T16:50:27.871Z",
"dateUpdated": "2024-08-04T05:17:42.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20569 (GCVE-0-2023-20569)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:02 – Updated: 2024-09-23 03:18
VLAI
Summary
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Severity
No CVSS data available.
Assigner
References
12 references
Impacted products
26 products
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T03:18:32.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-434.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://comsec.ethz.ch/research/microarch/inception/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5475"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
"vendor": " ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 6000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": " 1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:02:11.318Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-434.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
},
{
"url": "https://comsec.ethz.ch/research/microarch/inception/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5475"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
}
],
"source": {
"advisory": "AMD-SB-7005",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20569",
"datePublished": "2023-08-08T17:02:11.318Z",
"dateReserved": "2022-10-27T18:53:39.754Z",
"dateUpdated": "2024-09-23T03:18:32.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}