Vulnerability-Lookup

OpenCL

Affected: 3.0.11 , ≤ 3.0.11 (custom)

Vulkan

Affected: 1.3.224 , ≤ 1.3.224 (custom)

Credits

Trail of Bits

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/446598"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.trailofbits.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/446598"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4969",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-18T14:52:39.700257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T17:10:16.313Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenCL",
          "vendor": "Khronos Group",
          "versions": [
            {
              "lessThanOrEqual": "3.0.11",
              "status": "affected",
              "version": "3.0.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vulkan",
          "vendor": "Khronos Group",
          "versions": [
            {
              "lessThanOrEqual": "1.3.224",
              "status": "affected",
              "version": "1.3.224",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Trail of Bits"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T17:05:06.604Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
        },
        {
          "url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
        },
        {
          "url": "https://kb.cert.org/vuls/id/446598"
        },
        {
          "url": "https://blog.trailofbits.com"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/446598"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GPU kernel implementations susceptible to memory leak",
      "x_generator": {
        "engine": "VINCE 2.1.9",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-4969"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2023-4969",
    "datePublished": "2024-01-16T17:01:29.598Z",
    "dateReserved": "2023-09-14T17:07:51.604Z",
    "dateUpdated": "2025-06-20T17:10:16.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20597 (GCVE-0-2023-20597)

Vulnerability from nvd – Published: 2023-09-20 17:32 – Updated: 2025-06-27 21:45

Summary

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Severity ?

No CVSS data available.

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R"	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo"	Affected: various
AMD	Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	AMD EPYC™ Embedded 7003	Unaffected: EmbMilanPI-SP3 1.0.0.6
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.2
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.8
AMD	AMD Ryzen™ Embedded V3000	Unaffected: EmbeddedPI-FP7r2 1.0.0.4

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T16:02:44.267356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T16:04:20.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2    1.0.0.4"
            }
          ]
        }
      ],
      "datePublic": "2023-09-20T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T21:45:52.386Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4007",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20597",
    "datePublished": "2023-09-20T17:32:18.969Z",
    "dateReserved": "2022-10-27T18:53:39.763Z",
    "dateUpdated": "2025-06-27T21:45:52.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20594 (GCVE-0-2023-20594)

Vulnerability from nvd – Published: 2023-09-20 17:27 – Updated: 2025-06-27 21:41

Summary

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Severity ?

No CVSS data available.

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R"	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo"	Affected: various
AMD	Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.1
AMD	AMD Ryzen™ Embedded V3000	Unaffected: Embedded-PI_FP7r2 1.0.0.B

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T15:25:52.143486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T15:26:01.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI   1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Embedded-PI_FP7r2 1.0.0.B"
            }
          ]
        }
      ],
      "datePublic": "2023-09-20T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e"
            }
          ],
          "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T21:41:58.197Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4007",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20594",
    "datePublished": "2023-09-20T17:27:59.742Z",
    "dateReserved": "2022-10-27T18:53:39.762Z",
    "dateUpdated": "2025-06-27T21:41:58.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20589 (GCVE-0-2023-20589)

Vulnerability from nvd – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59

Title

fTPM Voltage Fault Injection

Summary

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

CWE-noinfo Not enough information

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 Series Desktop Processors

Affected: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Affected: various
	Ryzen™ PRO 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 5000 Series Processors	Affected: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 6000 Series Processors	Affected: various
AMD	Ryzen™ 7020 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 7030 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 7030 Series Processors	Affected: various
AMD	Ryzen™ 7035 Series Processors with Radeon™ Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T15:54:27.796904Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T15:59:15.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 7030 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:04:17.854Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4005",
        "discovery": "UNKNOWN"
      },
      "title": "fTPM Voltage Fault Injection ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20589",
    "datePublished": "2023-08-08T17:04:17.854Z",
    "dateReserved": "2022-10-27T18:53:39.760Z",
    "dateUpdated": "2024-11-13T15:59:15.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20588 (GCVE-0-2023-20588)

Vulnerability from nvd – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23

Title

Speculative Leaks

Summary

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.debian.org/security/2023/dsa-5480
	https://www.debian.org/security/2023/dsa-5492
	http://www.openwall.com/lists/oss-security/2023/09/25/3
	http://www.openwall.com/lists/oss-security/2023/09/25/4
	http://xenbits.xen.org/xsa/advisory-439.html
	http://www.openwall.com/lists/oss-security/2023/09/25/5
	http://www.openwall.com/lists/oss-security/2023/09/25/8
	http://www.openwall.com/lists/oss-security/2023/09/25/7
	http://www.openwall.com/lists/oss-security/2023/09/26/5
	http://www.openwall.com/lists/oss-security/2023/09/26/8
	http://www.openwall.com/lists/oss-security/2023/09/26/9
	http://www.openwall.com/lists/oss-security/2023/09/27/1
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/10/03/9
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/10/04/1
	http://www.openwall.com/lists/oss-security/2023/10/04/2
	http://www.openwall.com/lists/oss-security/2023/10/04/4
	http://www.openwall.com/lists/oss-security/2023/10/04/3
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.debian.org/debian-lts-announce/2023…
	https://security.netapp.com/advisory/ntap-2024053…

Impacted products

Vendor

Product

Version

EPYC™ 7001 Processors

Affected: various

AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: Various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5480"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-439.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T14:23:03.408701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T14:23:18.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:06:30.065Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5480"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5492"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-439.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7007",
        "discovery": "UNKNOWN"
      },
      "title": "Speculative Leaks",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20588",
    "datePublished": "2023-08-08T17:06:30.065Z",
    "dateReserved": "2022-10-27T18:53:39.759Z",
    "dateUpdated": "2024-10-17T14:23:18.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26365 (GCVE-0-2021-26365)

Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:47

Summary

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4

Affected: various

AMD	Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5	Affected: various
AMD	Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors "Rembrandt"	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T15:46:52.526016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:47:24.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors  \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:58:57.236Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26365",
    "datePublished": "2023-05-09T18:58:57.236Z",
    "dateReserved": "2021-01-29T21:24:26.151Z",
    "dateUpdated": "2025-01-28T15:47:24.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26346 (GCVE-0-2021-26346)

Vulnerability from nvd – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14

Summary

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Assigner

AMD

References

URL

Tags

Impacted products

	Vendor	Product	Version
	AMD	Ryzen 5000 Series	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:24.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26346",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T15:14:14.715212Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T15:14:19.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen 5000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
            }
          ],
          "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-11T07:01:59.843Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1031",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26346",
    "datePublished": "2023-01-10T19:50:24.146Z",
    "dateReserved": "2021-01-29T21:24:26.146Z",
    "dateUpdated": "2025-04-09T15:14:19.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26393 (GCVE-0-2021-26393)

Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58

Summary

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	Affected: AMD Radeon Software , < 22.5.2 (custom) Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom)
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded V1000	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:22:50.269Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26393",
    "datePublished": "2022-11-09T20:44:25.517806Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T21:58:26.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26392 (GCVE-0-2021-26392)

Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51

Summary

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	Affected: AMD Radeon Software , < 22.5.2 (custom) Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom)
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded 5000	Affected: various
AMD	AMD Ryzen™ Embedded V1000	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various
AMD	AMD Ryzen™Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:22:08.137Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26392",
    "datePublished": "2022-11-09T20:44:26.258839Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T20:51:46.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12931 (GCVE-0-2020-12931)

Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:56

Summary

Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Ryzen(TM) Embedded R1000	Affected: various
AMD	AMD Ryzen(TM) Embedded R2000	Affected: various
AMD	AMD Ryzen(TM) Embedded 5000	Affected: various
AMD	AMD Ryzen(TM) Embedded V1000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
            }
          ],
          "value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:20:36.423Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12931",
    "datePublished": "2022-11-09T20:44:24.974055Z",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-09-17T00:56:08.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12930 (GCVE-0-2020-12930)

Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00

Summary

Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Ryzen(TM) Embedded R1000	Affected: various
AMD	AMD Ryzen(TM) Embedded R2000	Affected: various
AMD	AMD Ryzen(TM) Embedded 5000	Affected: various
AMD	AMD Ryzen(TM) Embedded V1000	Affected: various
AMD	AMD Ryzen(TM) Embedded V2000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
            }
          ],
          "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:20:09.393Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12930",
    "datePublished": "2022-11-09T20:44:25.791003Z",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-09-17T00:00:30.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4969 (GCVE-0-2023-4969)

Vulnerability from cvelistv5 – Published: 2024-01-16 17:01 – Updated: 2025-06-20 17:10

Title

GPU kernel implementations susceptible to memory leak

Summary

A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

Assigner

certcc

References

URL

Tags

	https://registry.khronos.org/OpenCL/specs/3.0-uni…
	https://registry.khronos.org/vulkan/specs/1.3-ext…
	https://kb.cert.org/vuls/id/446598
	https://blog.trailofbits.com
	https://www.kb.cert.org/vuls/id/446598

Impacted products

Vendor

Product

Version

OpenCL

Affected: 3.0.11 , ≤ 3.0.11 (custom)

Vulkan

Affected: 1.3.224 , ≤ 1.3.224 (custom)

Credits

Trail of Bits

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/446598"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.trailofbits.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/446598"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4969",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-18T14:52:39.700257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T17:10:16.313Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenCL",
          "vendor": "Khronos Group",
          "versions": [
            {
              "lessThanOrEqual": "3.0.11",
              "status": "affected",
              "version": "3.0.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Vulkan",
          "vendor": "Khronos Group",
          "versions": [
            {
              "lessThanOrEqual": "1.3.224",
              "status": "affected",
              "version": "1.3.224",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Trail of Bits"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-16T17:05:06.604Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
        },
        {
          "url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
        },
        {
          "url": "https://kb.cert.org/vuls/id/446598"
        },
        {
          "url": "https://blog.trailofbits.com"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/446598"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "GPU kernel implementations susceptible to memory leak",
      "x_generator": {
        "engine": "VINCE 2.1.9",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-4969"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2023-4969",
    "datePublished": "2024-01-16T17:01:29.598Z",
    "dateReserved": "2023-09-14T17:07:51.604Z",
    "dateUpdated": "2025-06-20T17:10:16.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20597 (GCVE-0-2023-20597)

Vulnerability from cvelistv5 – Published: 2023-09-20 17:32 – Updated: 2025-06-27 21:45

Summary

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Severity ?

No CVSS data available.

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R"	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo"	Affected: various
AMD	Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	AMD EPYC™ Embedded 7003	Unaffected: EmbMilanPI-SP3 1.0.0.6
AMD	AMD Ryzen™ Embedded 5000	Unaffected: EmbAM4PI 1.0.0.2
AMD	AMD Ryzen™ Embedded V2000	Unaffected: EmbeddedPI-FP6 1.0.0.8
AMD	AMD Ryzen™ Embedded V3000	Unaffected: EmbeddedPI-FP7r2 1.0.0.4

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T16:02:44.267356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T16:04:20.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbAM4PI 1.0.0.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP6 1.0.0.8"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedPI-FP7r2    1.0.0.4"
            }
          ]
        }
      ],
      "datePublic": "2023-09-20T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T21:45:52.386Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4007",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20597",
    "datePublished": "2023-09-20T17:32:18.969Z",
    "dateReserved": "2022-10-27T18:53:39.763Z",
    "dateUpdated": "2025-06-27T21:45:52.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20594 (GCVE-0-2023-20594)

Vulnerability from cvelistv5 – Published: 2023-09-20 17:27 – Updated: 2025-06-27 21:41

Summary

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.

Severity ?

No CVSS data available.

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Affected: various

AMD	Ryzen™ 5000 Series Desktop Processors “Vermeer”	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT	Affected: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Affected: various
AMD	Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3	Affected: various
AMD	Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt"	Affected: various
AMD	Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R"	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo"	Affected: various
AMD	Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”	Affected: various
AMD	3rd Gen AMD EPYC™ Processors	Affected: various
AMD	AMD Ryzen™ Embedded 7000	Unaffected: EmbeddedAM5PI 1.0.0.1
AMD	AMD Ryzen™ Embedded V3000	Unaffected: Embedded-PI_FP7r2 1.0.0.B

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T15:25:52.143486Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T15:26:01.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbeddedAM5PI   1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Embedded-PI_FP7r2 1.0.0.B"
            }
          ]
        }
      ],
      "datePublic": "2023-09-20T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e"
            }
          ],
          "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-27T21:41:58.197Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4007",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20594",
    "datePublished": "2023-09-20T17:27:59.742Z",
    "dateReserved": "2022-10-27T18:53:39.762Z",
    "dateUpdated": "2025-06-27T21:41:58.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20588 (GCVE-0-2023-20588)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23

Title

Speculative Leaks

Summary

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…	vendor-advisory
	https://www.debian.org/security/2023/dsa-5480
	https://www.debian.org/security/2023/dsa-5492
	http://www.openwall.com/lists/oss-security/2023/09/25/3
	http://www.openwall.com/lists/oss-security/2023/09/25/4
	http://xenbits.xen.org/xsa/advisory-439.html
	http://www.openwall.com/lists/oss-security/2023/09/25/5
	http://www.openwall.com/lists/oss-security/2023/09/25/8
	http://www.openwall.com/lists/oss-security/2023/09/25/7
	http://www.openwall.com/lists/oss-security/2023/09/26/5
	http://www.openwall.com/lists/oss-security/2023/09/26/8
	http://www.openwall.com/lists/oss-security/2023/09/26/9
	http://www.openwall.com/lists/oss-security/2023/09/27/1
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/10/03/9
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/1…
	http://www.openwall.com/lists/oss-security/2023/10/04/1
	http://www.openwall.com/lists/oss-security/2023/10/04/2
	http://www.openwall.com/lists/oss-security/2023/10/04/4
	http://www.openwall.com/lists/oss-security/2023/10/04/3
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.debian.org/debian-lts-announce/2023…
	https://security.netapp.com/advisory/ntap-2024053…

Impacted products

Vendor

Product

Version

EPYC™ 7001 Processors

Affected: various

AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: Various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5480"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-439.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T14:23:03.408701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T14:23:18.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "EPYC\u2122 7001 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "Various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:06:30.065Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5480"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5492"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-439.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7007",
        "discovery": "UNKNOWN"
      },
      "title": "Speculative Leaks",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20588",
    "datePublished": "2023-08-08T17:06:30.065Z",
    "dateReserved": "2022-10-27T18:53:39.759Z",
    "dateUpdated": "2024-10-17T14:23:18.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20589 (GCVE-0-2023-20589)

Vulnerability from cvelistv5 – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59

Title

fTPM Voltage Fault Injection

Summary

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

CWE-noinfo Not enough information

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 3000 Series Desktop Processors

Affected: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Affected: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Affected: various
	Ryzen™ PRO 5000 Series Desktop Processors	Affected: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Affected: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 5000 Series Processors	Affected: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 6000 Series Processors	Affected: various
AMD	Ryzen™ 7020 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ 7030 Series Processors with Radeon™ Graphics	Affected: various
AMD	Ryzen™ PRO 7030 Series Processors	Affected: various
AMD	Ryzen™ 7035 Series Processors with Radeon™ Graphics	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T15:54:27.796904Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T15:59:15.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 7030 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:04:17.854Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4005",
        "discovery": "UNKNOWN"
      },
      "title": "fTPM Voltage Fault Injection ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20589",
    "datePublished": "2023-08-08T17:04:17.854Z",
    "dateReserved": "2022-10-27T18:53:39.760Z",
    "dateUpdated": "2024-11-13T15:59:15.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26365 (GCVE-0-2021-26365)

Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:47

Summary

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

AMD

References

URL

Tags

vendor-advisory

Impacted products

Vendor

Product

Version

Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4

Affected: various

AMD	Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP	Affected: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”	Affected: various
AMD	Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5	Affected: various
AMD	Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso”	Affected: various
AMD	Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir”	Affected: various
AMD	Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”	Affected: various
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne”	Affected: various
AMD	Ryzen™ 6000 Series Mobile Processors "Rembrandt"	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T15:46:52.526016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T15:47:24.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics  \u201cCezanne\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics   \u201cPollock\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Mobile Processors  \"Rembrandt\"",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T18:58:57.236Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-4001",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26365",
    "datePublished": "2023-05-09T18:58:57.236Z",
    "dateReserved": "2021-01-29T21:24:26.151Z",
    "dateUpdated": "2025-01-28T15:47:24.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26346 (GCVE-0-2021-26346)

Vulnerability from cvelistv5 – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14

Summary

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

n/a

Assigner

AMD

References

URL

Tags

Impacted products

	Vendor	Product	Version
	AMD	Ryzen 5000 Series	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:24.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26346",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-09T15:14:14.715212Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-09T15:14:19.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen 5000 Series",
          "vendor": " AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-01-10T17:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
            }
          ],
          "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-11T07:01:59.843Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1031",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26346",
    "datePublished": "2023-01-10T19:50:24.146Z",
    "dateReserved": "2021-01-29T21:24:26.146Z",
    "dateUpdated": "2025-04-09T15:14:19.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26392 (GCVE-0-2021-26392)

Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51

Summary

Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	Affected: AMD Radeon Software , < 22.5.2 (custom) Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom)
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded 5000	Affected: various
AMD	AMD Ryzen™ Embedded V1000	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various
AMD	AMD Ryzen™Embedded V3000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122Embedded V3000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:22:08.137Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26392",
    "datePublished": "2022-11-09T20:44:26.258839Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T20:51:46.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12930 (GCVE-0-2020-12930)

Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00

Summary

Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Ryzen(TM) Embedded R1000	Affected: various
AMD	AMD Ryzen(TM) Embedded R2000	Affected: various
AMD	AMD Ryzen(TM) Embedded 5000	Affected: various
AMD	AMD Ryzen(TM) Embedded V1000	Affected: various
AMD	AMD Ryzen(TM) Embedded V2000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded 5000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen(TM) Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
            }
          ],
          "value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:20:09.393Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12930",
    "datePublished": "2022-11-09T20:44:25.791003Z",
    "dateReserved": "2020-05-15T00:00:00",
    "dateUpdated": "2024-09-17T00:00:30.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26393 (GCVE-0-2021-26393)

Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58

Summary

Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Radeon RX 6000 Series & PRO W6000 Series	Affected: AMD Radeon Software , < 22.5.2 (custom) Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom)
AMD	AMD Ryzen™ Embedded R1000	Affected: various
AMD	AMD Ryzen™ Embedded R2000	Affected: various
AMD	AMD Ryzen™ Embedded V1000	Affected: various
AMD	AMD Ryzen™ Embedded V2000	Affected: various

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "22.5.2",
              "status": "affected",
              "version": "AMD Radeon Software",
              "versionType": "custom"
            },
            {
              "lessThan": "22.Q2",
              "status": "affected",
              "version": "AMD Radeon Pro Software Enterprise",
              "versionType": "custom"
            },
            {
              "lessThan": "22.10.20",
              "status": "affected",
              "version": "Enterprise Driver",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded R2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V1000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AMD Ryzen\u2122 Embedded V2000",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2022-11-08T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T19:22:50.269Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
        },
        {
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1029, AMD-SB-5001",
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26393",
    "datePublished": "2022-11-09T20:44:25.517806Z",
    "dateReserved": "2021-01-29T00:00:00",
    "dateUpdated": "2024-09-16T21:58:26.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12931 (GCVE-0-2020-12931)

Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:56

Summary

Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.

Severity ?

No CVSS data available.

Assigner

AMD

References

URL

Tags

	https://www.amd.com/en/corporate/product-security…
	https://www.amd.com/en/corporate/product-security…

Impacted products

Vendor

Product

Version

Affected: AMD Radeon Software , < 22.5.2 (custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom)
Affected: Enterprise Driver , < 22.10.20 (custom)

AMD	AMD Ryzen(TM) Embedded R1000	Affected: various
AMD	AMD Ryzen(TM) Embedded R2000	Affected: various
AMD	AMD Ryzen(TM) Embedded 5000	Affected: various
AMD	AMD Ryzen(TM) Embedded V1000	Affected: various

Show details on NVD website