Search
Find a vulnerability
Search criteria
22 vulnerabilities found for ryzen_5_pro_3400ge_firmware by amd
CVE-2023-4969 (GCVE-0-2023-4969)
Vulnerability from nvd – Published: 2024-01-16 17:01 – Updated: 2025-06-20 17:10
VLAI
Title
GPU kernel implementations susceptible to memory leak
Summary
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Khronos Group | OpenCL |
Affected:
3.0.11 , ≤ 3.0.11
(custom)
|
|
| Khronos Group | Vulkan |
Affected:
1.3.224 , ≤ 1.3.224
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.trailofbits.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4969",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T14:52:39.700257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:10:16.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenCL",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.11",
"versionType": "custom"
}
]
},
{
"product": "Vulkan",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "1.3.224",
"status": "affected",
"version": "1.3.224",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trail of Bits"
}
],
"descriptions": [
{
"lang": "en",
"value": "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T17:05:06.604Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"url": "https://blog.trailofbits.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GPU kernel implementations susceptible to memory leak",
"x_generator": {
"engine": "VINCE 2.1.9",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-4969"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4969",
"datePublished": "2024-01-16T17:01:29.598Z",
"dateReserved": "2023-09-14T17:07:51.604Z",
"dateUpdated": "2025-06-20T17:10:16.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23821 (GCVE-0-2022-23821)
Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
VLAI
Summary
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
24 products
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-05T20:28:42.236096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:26:05.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:26:03.900Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23821",
"datePublished": "2023-11-14T18:54:32.952Z",
"dateReserved": "2022-01-21T17:20:55.779Z",
"dateUpdated": "2024-12-03T14:26:05.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23820 (GCVE-0-2022-23820)
Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51
VLAI
Summary
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
Severity
7.5 (High)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
19 products
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:28:41.324Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23820",
"datePublished": "2023-11-14T18:52:21.457Z",
"dateReserved": "2022-01-21T17:20:55.778Z",
"dateUpdated": "2024-08-03T03:51:46.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20589 (GCVE-0-2023-20589)
Vulnerability from nvd – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59
VLAI
Title
fTPM Voltage Fault Injection
Summary
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
23 products
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:54:27.796904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T15:59:15.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
"vendor": " ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 6000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 7030 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:04:17.854Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"source": {
"advisory": "AMD-SB-4005",
"discovery": "UNKNOWN"
},
"title": "fTPM Voltage Fault Injection ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20589",
"datePublished": "2023-08-08T17:04:17.854Z",
"dateReserved": "2022-10-27T18:53:39.760Z",
"dateUpdated": "2024-11-13T15:59:15.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20588 (GCVE-0-2023-20588)
Vulnerability from nvd – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23
VLAI
Title
Speculative Leaks
Summary
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
28 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | EPYC™ 7001 Processors |
Affected:
various
|
|
| AMD | Athlon™ 3000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics |
Affected:
Various
|
|
| AMD | Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics |
Affected:
various
|
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:23:03.408701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:23:18.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
}
],
"value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:06:30.065Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"source": {
"advisory": "AMD-SB-7007",
"discovery": "UNKNOWN"
},
"title": "Speculative Leaks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20588",
"datePublished": "2023-08-08T17:06:30.065Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-10-17T14:23:18.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26365 (GCVE-0-2021-26365)
Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:47
VLAI
Summary
Certain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service or potentially limited leakage of information about
out-of-bounds memory contents.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 |
Affected:
various
|
|
| AMD | Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP |
Affected:
various
|
|
| AMD | Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” |
Affected:
various
|
|
| AMD | Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” |
Affected:
various
|
|
| AMD | Ryzen™ 6000 Series Mobile Processors "Rembrandt" |
Affected:
various
|
Date Public
2023-05-09 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:46:52.526016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:47:24.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:58:57.236Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"source": {
"advisory": "AMD-SB-4001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26365",
"datePublished": "2023-05-09T18:58:57.236Z",
"dateReserved": "2021-01-29T21:24:26.151Z",
"dateUpdated": "2025-01-28T15:47:24.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26346 (GCVE-0-2021-26346)
Vulnerability from nvd – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
VLAI
Summary
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen 5000 Series |
Affected:
various
|
Date Public
2023-01-10 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:14:14.715212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:14:19.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 5000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-01-10T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T07:01:59.843Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"source": {
"advisory": "AMD-SB-1031",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26346",
"datePublished": "2023-01-10T19:50:24.146Z",
"dateReserved": "2021-01-29T21:24:26.146Z",
"dateUpdated": "2025-04-09T15:14:19.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26393 (GCVE-0-2021-26393)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58
VLAI
Summary
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Severity
No CVSS data available.
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen™ Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
}
],
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:50.269Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26393",
"datePublished": "2022-11-09T20:44:25.517Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:58:26.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26392 (GCVE-0-2021-26392)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
VLAI
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity
No CVSS data available.
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen™ Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™Embedded V3000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
}
],
"value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:08.137Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26392",
"datePublished": "2022-11-09T20:44:26.258Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:51:46.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12931 (GCVE-0-2020-12931)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:56
VLAI
Summary
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity
No CVSS data available.
Assigner
References
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen(TM) Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded V1000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:36.423Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12931",
"datePublished": "2022-11-09T20:44:24.974Z",
"dateReserved": "2020-05-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:56:08.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12930 (GCVE-0-2020-12930)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00
VLAI
Summary
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity
No CVSS data available.
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen(TM) Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded V2000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:09.393Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12930",
"datePublished": "2022-11-09T20:44:25.791Z",
"dateReserved": "2020-05-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:00:30.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4969 (GCVE-0-2023-4969)
Vulnerability from cvelistv5 – Published: 2024-01-16 17:01 – Updated: 2025-06-20 17:10
VLAI
Title
GPU kernel implementations susceptible to memory leak
Summary
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Khronos Group | OpenCL |
Affected:
3.0.11 , ≤ 3.0.11
(custom)
|
|
| Khronos Group | Vulkan |
Affected:
1.3.224 , ≤ 1.3.224
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.trailofbits.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4969",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T14:52:39.700257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:10:16.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenCL",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.11",
"versionType": "custom"
}
]
},
{
"product": "Vulkan",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "1.3.224",
"status": "affected",
"version": "1.3.224",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trail of Bits"
}
],
"descriptions": [
{
"lang": "en",
"value": "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T17:05:06.604Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"url": "https://blog.trailofbits.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GPU kernel implementations susceptible to memory leak",
"x_generator": {
"engine": "VINCE 2.1.9",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-4969"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4969",
"datePublished": "2024-01-16T17:01:29.598Z",
"dateReserved": "2023-09-14T17:07:51.604Z",
"dateUpdated": "2025-06-20T17:10:16.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23821 (GCVE-0-2022-23821)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
VLAI
Summary
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
24 products
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-05T20:28:42.236096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:26:05.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:26:03.900Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23821",
"datePublished": "2023-11-14T18:54:32.952Z",
"dateReserved": "2022-01-21T17:20:55.779Z",
"dateUpdated": "2024-12-03T14:26:05.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23820 (GCVE-0-2022-23820)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51
VLAI
Summary
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
Severity
7.5 (High)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
19 products
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:28:41.324Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23820",
"datePublished": "2023-11-14T18:52:21.457Z",
"dateReserved": "2022-01-21T17:20:55.778Z",
"dateUpdated": "2024-08-03T03:51:46.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20588 (GCVE-0-2023-20588)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23
VLAI
Title
Speculative Leaks
Summary
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
28 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | EPYC™ 7001 Processors |
Affected:
various
|
|
| AMD | Athlon™ 3000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series Processors with Radeon™ Graphics |
Affected:
various
|
|
| AMD | Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics |
Affected:
Various
|
|
| AMD | Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics |
Affected:
various
|
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:23:03.408701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:23:18.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
}
],
"value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:06:30.065Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"source": {
"advisory": "AMD-SB-7007",
"discovery": "UNKNOWN"
},
"title": "Speculative Leaks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20588",
"datePublished": "2023-08-08T17:06:30.065Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-10-17T14:23:18.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20589 (GCVE-0-2023-20589)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59
VLAI
Title
fTPM Voltage Fault Injection
Summary
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
23 products
Date Public
2023-08-08 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:54:27.796904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T15:59:15.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
"vendor": " ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 6000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 7030 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:04:17.854Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"source": {
"advisory": "AMD-SB-4005",
"discovery": "UNKNOWN"
},
"title": "fTPM Voltage Fault Injection ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20589",
"datePublished": "2023-08-08T17:04:17.854Z",
"dateReserved": "2022-10-27T18:53:39.760Z",
"dateUpdated": "2024-11-13T15:59:15.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26365 (GCVE-0-2021-26365)
Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:47
VLAI
Summary
Certain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service or potentially limited leakage of information about
out-of-bounds memory contents.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Desktop processor with Radeon™ Graphics “Cezanne” AM4 |
Affected:
various
|
|
| AMD | Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” ULP |
Affected:
various
|
|
| AMD | Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock” |
Affected:
various
|
|
| AMD | Ryzen™ 2000 Series Mobile Processors “Raven Ridge” FP5 |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile Processors with Radeon™ Graphics “Picasso” |
Affected:
various
|
|
| AMD | Ryzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Renoir” |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne” |
Affected:
various
|
|
| AMD | Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Cezanne” |
Affected:
various
|
|
| AMD | Ryzen™ 6000 Series Mobile Processors "Rembrandt" |
Affected:
various
|
Date Public
2023-05-09 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:46:52.526016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:47:24.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:58:57.236Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"source": {
"advisory": "AMD-SB-4001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26365",
"datePublished": "2023-05-09T18:58:57.236Z",
"dateReserved": "2021-01-29T21:24:26.151Z",
"dateUpdated": "2025-01-28T15:47:24.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26346 (GCVE-0-2021-26346)
Vulnerability from cvelistv5 – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
VLAI
Summary
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen 5000 Series |
Affected:
various
|
Date Public
2023-01-10 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:14:14.715212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:14:19.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 5000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-01-10T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T07:01:59.843Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"source": {
"advisory": "AMD-SB-1031",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26346",
"datePublished": "2023-01-10T19:50:24.146Z",
"dateReserved": "2021-01-29T21:24:26.146Z",
"dateUpdated": "2025-04-09T15:14:19.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26392 (GCVE-0-2021-26392)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
VLAI
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity
No CVSS data available.
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen™ Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™Embedded V3000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
}
],
"value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:08.137Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26392",
"datePublished": "2022-11-09T20:44:26.258Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:51:46.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12930 (GCVE-0-2020-12930)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00
VLAI
Summary
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity
No CVSS data available.
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen(TM) Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded V2000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:09.393Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12930",
"datePublished": "2022-11-09T20:44:25.791Z",
"dateReserved": "2020-05-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:00:30.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26393 (GCVE-0-2021-26393)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58
VLAI
Summary
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Severity
No CVSS data available.
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Radeon RX 6000 Series & PRO W6000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen™ Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V1000 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded V2000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
}
],
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:50.269Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26393",
"datePublished": "2022-11-09T20:44:25.517Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:58:26.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12931 (GCVE-0-2020-12931)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:56
VLAI
Summary
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity
No CVSS data available.
Assigner
References
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|
| AMD | AMD Ryzen(TM) Embedded R1000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded R2000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded 5000 |
Affected:
various
|
|
| AMD | AMD Ryzen(TM) Embedded V1000 |
Affected:
various
|
Date Public
2022-11-08 05:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:36.423Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12931",
"datePublished": "2022-11-09T20:44:24.974Z",
"dateReserved": "2020-05-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:56:08.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}