Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
22 vulnerabilities found for ryzen_5_2700_firmware by amd
CVE-2023-20559 (GCVE-0-2023-20559)
Vulnerability from nvd – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43
VLAI?
Summary
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Date Public ?
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:43:46.344707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691 Insufficient Control Flow Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:43:49.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20559",
"datePublished": "2023-03-23T18:49:41.533Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-25T16:43:49.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20558 (GCVE-0-2023-20558)
Vulnerability from nvd – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23
VLAI?
Summary
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Date Public ?
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:00.856473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:23:58.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
}
],
"value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20558",
"datePublished": "2023-03-23T18:50:11.488Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-20T19:23:58.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23824 (GCVE-0-2022-23824)
Vulnerability from nvd – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
VLAI?
Summary
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public ?
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T01:23:48.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23824",
"datePublished": "2022-11-09T20:48:06.826Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23825 (GCVE-0-2022-23825)
Vulnerability from nvd – Published: 2022-07-14 19:27 – Updated: 2024-09-16 17:48
VLAI?
Summary
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:51.356Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23825",
"datePublished": "2022-07-14T19:27:08.292Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:09.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26384 (GCVE-0-2021-26384)
Vulnerability from nvd – Published: 2022-07-14 19:28 – Updated: 2024-09-16 23:15
VLAI?
Summary
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ Series |
Affected:
various
|
|||||||
|
|||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T19:28:56.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
]
},
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26384",
"datePublished": "2022-07-14T19:28:56.918Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:36.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29900 (GCVE-0-2022-29900)
Vulnerability from nvd – Published: 2022-07-12 15:50 – Updated: 2024-11-20 16:13
VLAI?
Summary
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:09:18.710200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:13:31.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:53.374Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-29900",
"datePublished": "2022-07-12T15:50:10.585Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-11-20T16:13:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23823 (GCVE-0-2022-23823)
Vulnerability from nvd – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
VLAI?
Summary
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public ?
2022-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:13:04.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
"ID": "CVE-2022-23823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23823",
"datePublished": "2022-06-15T19:13:04.771Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:08.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26388 (GCVE-0-2021-26388)
Vulnerability from nvd – Published: 2022-05-11 16:29 – Updated: 2024-09-16 23:01
VLAI?
Summary
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | EPYC™ Processors |
Affected:
various
|
||||||||||||
|
||||||||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:29:06.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26388",
"datePublished": "2022-05-11T16:29:06.174Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:19.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26373 (GCVE-0-2021-26373)
Vulnerability from nvd – Published: 2022-05-11 16:27 – Updated: 2024-09-16 16:32
VLAI?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | EPYC™ Processors |
Affected:
various
|
||||||||||||
|
||||||||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:27:13.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26373",
"datePublished": "2022-05-11T16:27:13.373Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:39.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26390 (GCVE-0-2021-26390)
Vulnerability from nvd – Published: 2022-05-10 18:24 – Updated: 2024-09-16 23:11
VLAI?
Summary
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ Series |
Affected:
various
|
|||||||
|
|||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T17:12:33.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
]
},
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26390",
"datePublished": "2022-05-10T18:24:25.459Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:12.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26352 (GCVE-0-2021-26352)
Vulnerability from nvd – Published: 2022-05-10 18:26 – Updated: 2024-09-16 16:58
VLAI?
Summary
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ Series |
Affected:
various
|
|||||||
|
|||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T17:15:01.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
]
},
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26352",
"datePublished": "2022-05-10T18:26:07.477Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:58:20.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20558 (GCVE-0-2023-20558)
Vulnerability from cvelistv5 – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23
VLAI?
Summary
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Date Public ?
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:20:00.856473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:23:58.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
}
],
"value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20558",
"datePublished": "2023-03-23T18:50:11.488Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-20T19:23:58.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20559 (GCVE-0-2023-20559)
Vulnerability from cvelistv5 – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43
VLAI?
Summary
Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 2000 Series |
Affected:
various
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Date Public ?
2023-03-23 18:33
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T16:43:46.344707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691 Insufficient Control Flow Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T16:43:49.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series ",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-03-23T18:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-02T18:49:20.069Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"source": {
"advisory": "amd-sb-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20559",
"datePublished": "2023-03-23T18:49:41.533Z",
"dateReserved": "2022-10-27T18:53:39.746Z",
"dateUpdated": "2025-02-25T16:43:49.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23824 (GCVE-0-2022-23824)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
VLAI?
Summary
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public ?
2022-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T01:23:48.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "FEDORA-2022-9f51d13fa3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
},
{
"name": "FEDORA-2022-53a4a5dd11",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
},
{
"name": "DSA-5378",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5378"
},
{
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23824",
"datePublished": "2022-11-09T20:48:06.826Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26384 (GCVE-0-2021-26384)
Vulnerability from cvelistv5 – Published: 2022-07-14 19:28 – Updated: 2024-09-16 23:15
VLAI?
Summary
A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ Series |
Affected:
various
|
|||||||
|
|||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-14T19:28:56.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
]
},
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26384",
"datePublished": "2022-07-14T19:28:56.918Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:36.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23825 (GCVE-0-2022-23825)
Vulnerability from cvelistv5 – Published: 2022-07-14 19:27 – Updated: 2024-09-16 17:48
VLAI?
Summary
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:51.356Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"name": "FEDORA-2022-c69ef9c1dd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-8aab5b5cde",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/"
},
{
"name": "DSA-5184",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5184"
},
{
"name": "FEDORA-2022-3e6ce58029",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSRW4LLTAT3CZMOYVNTC7YIYGX3KLED/"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "[oss-security] 20221108 Xen Security Advisory 422 v1 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/08/1"
},
{
"name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23825",
"datePublished": "2022-07-14T19:27:08.292Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:48:09.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29900 (GCVE-0-2022-29900)
Vulnerability from cvelistv5 – Published: 2022-07-12 15:50 – Updated: 2024-11-20 16:13
VLAI?
Summary
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor Some AMD Processors
|
Date Public ?
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:09:18.710200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:13:31.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor Some AMD Processors"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T08:06:53.374Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
},
{
"name": "FEDORA-2022-a0d7a5eaf2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/"
},
{
"name": "DSA-5207",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5207"
},
{
"name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html"
},
{
"url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/"
},
{
"name": "GLSA-202402-07",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-29900",
"datePublished": "2022-07-12T15:50:10.585Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-11-20T16:13:31.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23823 (GCVE-0-2022-23823)
Vulnerability from cvelistv5 – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
VLAI?
Summary
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
Severity ?
No CVSS data available.
CWE
- NA
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | AMD Processors |
Affected:
Processor various
|
Date Public ?
2022-06-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Processor various"
}
]
}
],
"datePublic": "2022-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NA",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T19:13:04.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
"ID": "CVE-2022-23823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Processor",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23823",
"datePublished": "2022-06-15T19:13:04.771Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:59:08.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26388 (GCVE-0-2021-26388)
Vulnerability from cvelistv5 – Published: 2022-05-11 16:29 – Updated: 2024-09-16 23:01
VLAI?
Summary
Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | EPYC™ Processors |
Affected:
various
|
||||||||||||
|
||||||||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:29:06.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26388",
"datePublished": "2022-05-11T16:29:06.174Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:01:19.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26373 (GCVE-0-2021-26373)
Vulnerability from cvelistv5 – Published: 2022-05-11 16:27 – Updated: 2024-09-16 16:32
VLAI?
Summary
Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | EPYC™ Processors |
Affected:
various
|
||||||||||||
|
||||||||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T16:27:13.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
],
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EPYC\u2122 Processors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
},
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1028"
}
]
},
"source": {
"advisory": "AMD-SB-1027 and AMD-SB-1028",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26373",
"datePublished": "2022-05-11T16:27:13.373Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:32:39.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26352 (GCVE-0-2021-26352)
Vulnerability from cvelistv5 – Published: 2022-05-10 18:26 – Updated: 2024-09-16 16:58
VLAI?
Summary
Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ Series |
Affected:
various
|
|||||||
|
|||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T17:15:01.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
]
},
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26352",
"datePublished": "2022-05-10T18:26:07.477Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:58:20.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26390 (GCVE-0-2021-26390)
Vulnerability from cvelistv5 – Published: 2022-05-10 18:24 – Updated: 2024-09-16 23:11
VLAI?
Summary
A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.
Severity ?
No CVSS data available.
CWE
- tbd
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ Series |
Affected:
various
|
|||||||
|
|||||||||
Date Public ?
2022-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ryzen\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"product": "Athlon\u2122 Series",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tbd",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T17:12:33.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
],
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
"ID": "CVE-2021-26390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ryzen\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
},
{
"product_name": "Athlon\u2122 Series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "AMD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "tbd"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
}
]
},
"source": {
"advisory": "AMD-SB-1027",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26390",
"datePublished": "2022-05-10T18:24:25.459Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:12.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}