Search

Find a vulnerability

Search criteria

    40 vulnerabilities found for ryzen_3_3300g_firmware by amd

    CVE-2023-20597 (GCVE-0-2023-20597)

    Vulnerability from nvd – Published: 2023-09-20 17:32 – Updated: 2025-06-27 21:45
    VLAI
    Summary
    Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Unaffected: EmbMilanPI-SP3 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Unaffected: EmbeddedPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Unaffected: EmbeddedPI-FP7r2 1.0.0.4
    Create a notification for this product.
    Date Public
    2023-09-20 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T16:02:44.267356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T16:04:20.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2    1.0.0.4"
                }
              ]
            }
          ],
          "datePublic": "2023-09-20T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T21:45:52.386Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20597",
        "datePublished": "2023-09-20T17:32:18.969Z",
        "dateReserved": "2022-10-27T18:53:39.763Z",
        "dateUpdated": "2025-06-27T21:45:52.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20594 (GCVE-0-2023-20594)

    Vulnerability from nvd – Published: 2023-09-20 17:27 – Updated: 2025-06-27 21:41
    VLAI
    Summary
    Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Unaffected: EmbeddedAM5PI 1.0.0.1
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Unaffected: Embedded-PI_FP7r2 1.0.0.B
    Create a notification for this product.
    Date Public
    2023-09-20 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T15:25:52.143486Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T15:26:01.771Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI   1.0.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Embedded-PI_FP7r2 1.0.0.B"
                }
              ]
            }
          ],
          "datePublic": "2023-09-20T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e"
                }
              ],
              "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T21:41:58.197Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20594",
        "datePublished": "2023-09-20T17:27:59.742Z",
        "dateReserved": "2022-10-27T18:53:39.762Z",
        "dateUpdated": "2025-06-27T21:41:58.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26346 (GCVE-0-2021-26346)

    Vulnerability from nvd – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
    VLAI
    Summary
    Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen 5000 Series Affected: various
    Create a notification for this product.
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:14:14.715212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:14:19.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
                }
              ],
              "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26346",
        "datePublished": "2023-01-10T19:50:24.146Z",
        "dateReserved": "2021-01-29T21:24:26.146Z",
        "dateUpdated": "2025-04-09T15:14:19.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23824 (GCVE-0-2022-23824)

    Vulnerability from nvd – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "FEDORA-2022-9f51d13fa3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
              },
              {
                "name": "FEDORA-2022-53a4a5dd11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
              },
              {
                "name": "DSA-5378",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5378"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-17T01:23:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "FEDORA-2022-9f51d13fa3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
            },
            {
              "name": "FEDORA-2022-53a4a5dd11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
            },
            {
              "name": "DSA-5378",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5378"
            },
            {
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23824",
        "datePublished": "2022-11-09T20:48:06.826Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:23.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46778 (GCVE-0-2021-46778)

    Vulnerability from nvd – Published: 2022-08-09 20:20 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-09T20:20:12.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-08-09T16:00:00.000Z",
              "ID": "CVE-2021-46778",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "Some AMD Processors"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46778",
        "datePublished": "2022-08-09T20:20:12.911Z",
        "dateReserved": "2022-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23825 (GCVE-0-2022-23825)

    Vulnerability from nvd – Published: 2022-07-14 19:27 – Updated: 2024-09-16 17:48
    VLAI
    Summary
    Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2022-c69ef9c1dd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
              },
              {
                "name": "FEDORA-2022-8aab5b5cde",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
              },
              {
                "name": "DSA-5184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5184"
              },
              {
                "name": "FEDORA-2022-3e6ce58029",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
              },
              {
                "name": "FEDORA-2022-a0d7a5eaf2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
              },
              {
                "name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "GLSA-202402-07",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-04T08:06:51.356Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "name": "FEDORA-2022-c69ef9c1dd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
            },
            {
              "name": "FEDORA-2022-8aab5b5cde",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
            },
            {
              "name": "DSA-5184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5184"
            },
            {
              "name": "FEDORA-2022-3e6ce58029",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
            },
            {
              "name": "FEDORA-2022-a0d7a5eaf2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
            },
            {
              "name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "GLSA-202402-07",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23825",
        "datePublished": "2022-07-14T19:27:08.292Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:48:09.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29900 (GCVE-0-2022-29900)

    Vulnerability from nvd – Published: 2022-07-12 15:50 – Updated: 2024-11-20 16:13
    VLAI
    Summary
    Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:33:43.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
              },
              {
                "name": "FEDORA-2022-a0d7a5eaf2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
              },
              {
                "name": "DSA-5207",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5207"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
              },
              {
                "name": "GLSA-202402-07",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T16:09:18.710200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T16:13:31.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-04T08:06:53.374Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
            },
            {
              "name": "FEDORA-2022-a0d7a5eaf2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
            },
            {
              "name": "DSA-5207",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5207"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
            },
            {
              "name": "GLSA-202402-07",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-29900",
        "datePublished": "2022-07-12T15:50:10.585Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2024-11-20T16:13:31.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23823 (GCVE-0-2022-23823)

    Vulnerability from nvd – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
    VLAI
    Summary
    A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T19:13:04.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
              "ID": "CVE-2022-23823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23823",
        "datePublished": "2022-06-15T19:13:04.771Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:08.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26386 (GCVE-0-2021-26386)

    Vulnerability from nvd – Published: 2022-05-12 18:28 – Updated: 2024-09-16 17:53
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:28:38.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26386",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26386",
        "datePublished": "2022-05-12T18:28:38.025Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:53:15.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26368 (GCVE-0-2021-26368)

    Vulnerability from nvd – Published: 2022-05-12 18:22 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:22:27.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26368",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26368",
        "datePublished": "2022-05-12T18:22:27.719Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:04.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26363 (GCVE-0-2021-26363)

    Vulnerability from nvd – Published: 2022-05-12 18:39 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:39:33.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26363",
        "datePublished": "2022-05-12T18:39:33.159Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:07.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26317 (GCVE-0-2021-26317)

    Vulnerability from nvd – Published: 2022-05-12 18:27 – Updated: 2024-09-17 01:10
    VLAI
    Summary
    Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:27:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26317",
        "datePublished": "2022-05-12T18:27:48.589Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:10:36.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26369 (GCVE-0-2021-26369)

    Vulnerability from nvd – Published: 2022-05-12 17:07 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:07:32.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26369",
        "datePublished": "2022-05-12T17:07:32.274Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:13.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26366 (GCVE-0-2021-26366)

    Vulnerability from nvd – Published: 2022-05-12 17:09 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:09:29.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26366",
        "datePublished": "2022-05-12T17:09:29.825Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:13.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26351 (GCVE-0-2021-26351)

    Vulnerability from nvd – Published: 2022-05-12 17:18 – Updated: 2024-09-16 22:41
    VLAI
    Summary
    Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:18:51.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26351",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26351",
        "datePublished": "2022-05-12T17:18:51.729Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:41:24.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20597 (GCVE-0-2023-20597)

    Vulnerability from cvelistv5 – Published: 2023-09-20 17:32 – Updated: 2025-06-27 21:45
    VLAI
    Summary
    Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” Affected: various
    Create a notification for this product.
    AMD AMD EPYC™ Embedded 7003 Unaffected: EmbMilanPI-SP3 1.0.0.6
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 5000 Unaffected: EmbAM4PI 1.0.0.2
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Unaffected: EmbeddedPI-FP6 1.0.0.8
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Unaffected: EmbeddedPI-FP7r2 1.0.0.4
    Create a notification for this product.
    Date Public
    2023-09-20 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20597",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T16:02:44.267356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T16:04:20.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD EPYC\u2122 Embedded 7003",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbMilanPI-SP3 1.0.0.6"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 5000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbAM4PI 1.0.0.2"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP6 1.0.0.8"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedPI-FP7r2    1.0.0.4"
                }
              ]
            }
          ],
          "datePublic": "2023-09-20T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e\n\n\u003c/span\u003e"
                }
              ],
              "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T21:45:52.386Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20597",
        "datePublished": "2023-09-20T17:32:18.969Z",
        "dateReserved": "2022-10-27T18:53:39.763Z",
        "dateUpdated": "2025-06-27T21:45:52.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20594 (GCVE-0-2023-20594)

    Vulnerability from cvelistv5 – Published: 2023-09-20 17:27 – Updated: 2025-06-27 21:41
    VLAI
    Summary
    Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-824 - Access of Uninitialized Pointer
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD Ryzen™ 3000 Series Desktop Processors “Matisse” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS SP3 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6 Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne” Affected: various
    Create a notification for this product.
    AMD Ryzen™ 6000 Series Mobile Processors with Radeon™ Graphics "Rembrandt" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics "Rembrandt-R" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics "Barcelo" Affected: various
    Create a notification for this product.
    AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R” Affected: various
    Create a notification for this product.
    AMD 3rd Gen AMD EPYC™ Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded 7000 Unaffected: EmbeddedAM5PI 1.0.0.1
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Unaffected: Embedded-PI_FP7r2 1.0.0.B
    Create a notification for this product.
    Date Public
    2023-09-20 16:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T15:25:52.143486Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T15:26:01.771Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS SP3",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 6000 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics \"Rembrandt-R\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \"Barcelo\"",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD EPYC\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded 7000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "EmbeddedAM5PI   1.0.0.1"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "Embedded-PI_FP7r2 1.0.0.B"
                }
              ]
            }
          ],
          "datePublic": "2023-09-20T16:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eImproper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access.\u003c/span\u003e"
                }
              ],
              "value": "Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-824",
                  "description": "CWE-824 Access of Uninitialized Pointer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-27T21:41:58.197Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007"
            }
          ],
          "source": {
            "advisory": "AMD-SB-4007",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20594",
        "datePublished": "2023-09-20T17:27:59.742Z",
        "dateReserved": "2022-10-27T18:53:39.762Z",
        "dateUpdated": "2025-06-27T21:41:58.197Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26346 (GCVE-0-2021-26346)

    Vulnerability from cvelistv5 – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
    VLAI
    Summary
    Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen 5000 Series Affected: various
    Create a notification for this product.
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:14:14.715212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:14:19.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
                }
              ],
              "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26346",
        "datePublished": "2023-01-10T19:50:24.146Z",
        "dateReserved": "2021-01-29T21:24:26.146Z",
        "dateUpdated": "2025-04-09T15:14:19.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23824 (GCVE-0-2022-23824)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "FEDORA-2022-9f51d13fa3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
              },
              {
                "name": "FEDORA-2022-53a4a5dd11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
              },
              {
                "name": "DSA-5378",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5378"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-17T01:23:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "FEDORA-2022-9f51d13fa3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
            },
            {
              "name": "FEDORA-2022-53a4a5dd11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
            },
            {
              "name": "DSA-5378",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5378"
            },
            {
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23824",
        "datePublished": "2022-11-09T20:48:06.826Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:23.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46778 (GCVE-0-2021-46778)

    Vulnerability from cvelistv5 – Published: 2022-08-09 20:20 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-09T20:20:12.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-08-09T16:00:00.000Z",
              "ID": "CVE-2021-46778",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "Some AMD Processors"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46778",
        "datePublished": "2022-08-09T20:20:12.911Z",
        "dateReserved": "2022-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23825 (GCVE-0-2022-23825)

    Vulnerability from cvelistv5 – Published: 2022-07-14 19:27 – Updated: 2024-09-16 17:48
    VLAI
    Summary
    Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.140Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2022-c69ef9c1dd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
              },
              {
                "name": "FEDORA-2022-8aab5b5cde",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
              },
              {
                "name": "DSA-5184",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5184"
              },
              {
                "name": "FEDORA-2022-3e6ce58029",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
              },
              {
                "name": "FEDORA-2022-a0d7a5eaf2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
              },
              {
                "name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "GLSA-202402-07",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-04T08:06:51.356Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "name": "FEDORA-2022-c69ef9c1dd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
            },
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
            },
            {
              "name": "FEDORA-2022-8aab5b5cde",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
            },
            {
              "name": "DSA-5184",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5184"
            },
            {
              "name": "FEDORA-2022-3e6ce58029",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
            },
            {
              "name": "FEDORA-2022-a0d7a5eaf2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
            },
            {
              "name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "GLSA-202402-07",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23825",
        "datePublished": "2022-07-14T19:27:08.292Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:48:09.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29900 (GCVE-0-2022-29900)

    Vulnerability from cvelistv5 – Published: 2022-07-12 15:50 – Updated: 2024-11-20 16:13
    VLAI
    Summary
    Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:33:43.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
              },
              {
                "name": "FEDORA-2022-a0d7a5eaf2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
              },
              {
                "name": "DSA-5207",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5207"
              },
              {
                "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
              },
              {
                "name": "GLSA-202402-07",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T16:09:18.710200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T16:13:31.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-04T08:06:53.374Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
            },
            {
              "name": "FEDORA-2022-a0d7a5eaf2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
            },
            {
              "name": "DSA-5207",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5207"
            },
            {
              "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
            },
            {
              "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
            },
            {
              "name": "GLSA-202402-07",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-29900",
        "datePublished": "2022-07-12T15:50:10.585Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2024-11-20T16:13:31.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23823 (GCVE-0-2022-23823)

    Vulnerability from cvelistv5 – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
    VLAI
    Summary
    A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T19:13:04.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
              "ID": "CVE-2022-23823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23823",
        "datePublished": "2022-06-15T19:13:04.771Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:08.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26363 (GCVE-0-2021-26363)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:39 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:39:33.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26363",
        "datePublished": "2022-05-12T18:39:33.159Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:07.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26386 (GCVE-0-2021-26386)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:28 – Updated: 2024-09-16 17:53
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:28:38.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26386",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26386",
        "datePublished": "2022-05-12T18:28:38.025Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:53:15.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26317 (GCVE-0-2021-26317)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:27 – Updated: 2024-09-17 01:10
    VLAI
    Summary
    Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:27:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26317",
        "datePublished": "2022-05-12T18:27:48.589Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:10:36.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26368 (GCVE-0-2021-26368)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:22 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:22:27.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26368",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26368",
        "datePublished": "2022-05-12T18:22:27.719Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:04.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26351 (GCVE-0-2021-26351)

    Vulnerability from cvelistv5 – Published: 2022-05-12 17:18 – Updated: 2024-09-16 22:41
    VLAI
    Summary
    Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:18:51.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26351",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26351",
        "datePublished": "2022-05-12T17:18:51.729Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:41:24.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26366 (GCVE-0-2021-26366)

    Vulnerability from cvelistv5 – Published: 2022-05-12 17:09 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:09:29.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26366",
        "datePublished": "2022-05-12T17:09:29.825Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:13.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26369 (GCVE-0-2021-26369)

    Vulnerability from cvelistv5 – Published: 2022-05-12 17:07 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:07:32.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26369",
        "datePublished": "2022-05-12T17:07:32.274Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:13.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }