Search criteria
22 vulnerabilities found for ryzen_5_pro_3400ge_firmware by amd
CVE-2023-4969 (GCVE-0-2023-4969)
Vulnerability from nvd – Published: 2024-01-16 17:01 – Updated: 2025-06-20 17:10
VLAI?
Title
GPU kernel implementations susceptible to memory leak
Summary
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Khronos Group | OpenCL |
Affected:
3.0.11 , ≤ 3.0.11
(custom)
|
|||||||
|
|||||||||
Credits
Trail of Bits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.trailofbits.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4969",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T14:52:39.700257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:10:16.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenCL",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.11",
"versionType": "custom"
}
]
},
{
"product": "Vulkan",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "1.3.224",
"status": "affected",
"version": "1.3.224",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trail of Bits"
}
],
"descriptions": [
{
"lang": "en",
"value": "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T17:05:06.604Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"url": "https://blog.trailofbits.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GPU kernel implementations susceptible to memory leak",
"x_generator": {
"engine": "VINCE 2.1.9",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-4969"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4969",
"datePublished": "2024-01-16T17:01:29.598Z",
"dateReserved": "2023-09-14T17:07:51.604Z",
"dateUpdated": "2025-06-20T17:10:16.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23821 (GCVE-0-2022-23821)
Vulnerability from nvd – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
VLAI?
Summary
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-05T20:28:42.236096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:26:05.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:26:03.900Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23821",
"datePublished": "2023-11-14T18:54:32.952Z",
"dateReserved": "2022-01-21T17:20:55.779Z",
"dateUpdated": "2024-12-03T14:26:05.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23820 (GCVE-0-2022-23820)
Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51
VLAI?
Summary
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:28:41.324Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23820",
"datePublished": "2023-11-14T18:52:21.457Z",
"dateReserved": "2022-01-21T17:20:55.778Z",
"dateUpdated": "2024-08-03T03:51:46.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20589 (GCVE-0-2023-20589)
Vulnerability from nvd – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59
VLAI?
Title
fTPM Voltage Fault Injection
Summary
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors |
Affected:
various
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:54:27.796904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T15:59:15.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
"vendor": " ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 6000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 7030 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:04:17.854Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"source": {
"advisory": "AMD-SB-4005",
"discovery": "UNKNOWN"
},
"title": "fTPM Voltage Fault Injection ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20589",
"datePublished": "2023-08-08T17:04:17.854Z",
"dateReserved": "2022-10-27T18:53:39.760Z",
"dateUpdated": "2024-11-13T15:59:15.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20588 (GCVE-0-2023-20588)
Vulnerability from nvd – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23
VLAI?
Title
Speculative Leaks
Summary
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | EPYC™ 7001 Processors |
Affected:
various
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:23:03.408701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:23:18.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
}
],
"value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:06:30.065Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"source": {
"advisory": "AMD-SB-7007",
"discovery": "UNKNOWN"
},
"title": "Speculative Leaks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20588",
"datePublished": "2023-08-08T17:06:30.065Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-10-17T14:23:18.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26365 (GCVE-0-2021-26365)
Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:47
VLAI?
Summary
Certain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service or potentially limited leakage of information about
out-of-bounds memory contents.
Severity ?
8.2 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 |
Affected:
various
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:46:52.526016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:47:24.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:58:57.236Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"source": {
"advisory": "AMD-SB-4001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26365",
"datePublished": "2023-05-09T18:58:57.236Z",
"dateReserved": "2021-01-29T21:24:26.151Z",
"dateUpdated": "2025-01-28T15:47:24.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26346 (GCVE-0-2021-26346)
Vulnerability from nvd – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
VLAI?
Summary
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | Ryzen 5000 Series |
Affected:
various
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:14:14.715212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:14:19.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 5000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-01-10T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T07:01:59.843Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"source": {
"advisory": "AMD-SB-1031",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26346",
"datePublished": "2023-01-10T19:50:24.146Z",
"dateReserved": "2021-01-29T21:24:26.146Z",
"dateUpdated": "2025-04-09T15:14:19.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26393 (GCVE-0-2021-26393)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58
VLAI?
Summary
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
}
],
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:50.269Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26393",
"datePublished": "2022-11-09T20:44:25.517806Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T21:58:26.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26392 (GCVE-0-2021-26392)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
VLAI?
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
}
],
"value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:08.137Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26392",
"datePublished": "2022-11-09T20:44:26.258839Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T20:51:46.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12931 (GCVE-0-2020-12931)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:56
VLAI?
Summary
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:36.423Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12931",
"datePublished": "2022-11-09T20:44:24.974055Z",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-09-17T00:56:08.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12930 (GCVE-0-2020-12930)
Vulnerability from nvd – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00
VLAI?
Summary
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:09.393Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12930",
"datePublished": "2022-11-09T20:44:25.791003Z",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-09-17T00:00:30.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4969 (GCVE-0-2023-4969)
Vulnerability from cvelistv5 – Published: 2024-01-16 17:01 – Updated: 2025-06-20 17:10
VLAI?
Title
GPU kernel implementations susceptible to memory leak
Summary
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Khronos Group | OpenCL |
Affected:
3.0.11 , ≤ 3.0.11
(custom)
|
|||||||
|
|||||||||
Credits
Trail of Bits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"tags": [
"x_transferred"
],
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.trailofbits.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4969",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T14:52:39.700257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:10:16.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenCL",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "3.0.11",
"status": "affected",
"version": "3.0.11",
"versionType": "custom"
}
]
},
{
"product": "Vulkan",
"vendor": "Khronos Group",
"versions": [
{
"lessThanOrEqual": "1.3.224",
"status": "affected",
"version": "1.3.224",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Trail of Bits"
}
],
"descriptions": [
{
"lang": "en",
"value": "A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en"
}
]
},
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T17:05:06.604Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://registry.khronos.org/OpenCL/specs/3.0-unified/html/OpenCL_API.html#_fundamental_memory_regions"
},
{
"url": "https://registry.khronos.org/vulkan/specs/1.3-extensions/html/index.html"
},
{
"url": "https://kb.cert.org/vuls/id/446598"
},
{
"url": "https://blog.trailofbits.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/446598"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GPU kernel implementations susceptible to memory leak",
"x_generator": {
"engine": "VINCE 2.1.9",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-4969"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-4969",
"datePublished": "2024-01-16T17:01:29.598Z",
"dateReserved": "2023-09-14T17:07:51.604Z",
"dateUpdated": "2025-06-20T17:10:16.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23821 (GCVE-0-2022-23821)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:54 – Updated: 2024-12-03 14:26
VLAI?
Summary
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” |
Affected:
various
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-05T20:28:42.236096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:26:05.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:26:03.900Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23821",
"datePublished": "2023-11-14T18:54:32.952Z",
"dateReserved": "2022-01-21T17:20:55.779Z",
"dateUpdated": "2024-12-03T14:26:05.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23820 (GCVE-0-2022-23820)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-08-03 03:51
VLAI?
Summary
Failure to validate the AMD SMM communication buffer
may allow an attacker to corrupt the SMRAM potentially leading to arbitrary
code execution.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:46.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics \u201cPicasso\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 2000 Series Processors \u201cColfax\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 3000 Series Mobile Processor with Radeon\u2122 Graphics \u201cPicasso\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d FP6",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics \u201cRembrandt-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics \u201cBarcelo\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics \u201cBarcelo-R\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Failure to validate the AMD SMM communication buffer\nmay allow an attacker to corrupt the SMRAM potentially leading to arbitrary\ncode execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:28:41.324Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2022-23820",
"datePublished": "2023-11-14T18:52:21.457Z",
"dateReserved": "2022-01-21T17:20:55.778Z",
"dateUpdated": "2024-08-03T03:51:46.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20588 (GCVE-0-2023-20588)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:06 – Updated: 2024-10-17 14:23
VLAI?
Title
Speculative Leaks
Summary
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | EPYC™ 7001 Processors |
Affected:
various
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:23:03.408701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:23:18.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "EPYC\u2122 7001 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "Various "
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u0026nbsp;\n\n\n\n\n\n\n\n"
}
],
"value": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:06:30.065Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-439.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0005/"
}
],
"source": {
"advisory": "AMD-SB-7007",
"discovery": "UNKNOWN"
},
"title": "Speculative Leaks",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20588",
"datePublished": "2023-08-08T17:06:30.065Z",
"dateReserved": "2022-10-27T18:53:39.759Z",
"dateUpdated": "2024-10-17T14:23:18.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20589 (GCVE-0-2023-20589)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:04 – Updated: 2024-11-13 15:59
VLAI?
Title
fTPM Voltage Fault Injection
Summary
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors |
Affected:
various
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:54:27.796904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T15:59:15.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
"vendor": " ",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 5000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 6000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7030 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 PRO 7030 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "affected",
"packageName": " ",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-08-08T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "\nAn attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution.\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T17:04:17.854Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4005"
}
],
"source": {
"advisory": "AMD-SB-4005",
"discovery": "UNKNOWN"
},
"title": "fTPM Voltage Fault Injection ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20589",
"datePublished": "2023-08-08T17:04:17.854Z",
"dateReserved": "2022-10-27T18:53:39.760Z",
"dateUpdated": "2024-11-13T15:59:15.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26365 (GCVE-0-2021-26365)
Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:47
VLAI?
Summary
Certain size values in firmware binary headers
could trigger out of bounds reads during signature validation, leading to
denial of service or potentially limited leakage of information about
out-of-bounds memory contents.
Severity ?
8.2 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Ryzen™ 2000 series Desktop Processors “Raven Ridge” AM4 |
Affected:
various
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:46:52.526016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:47:24.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 series Desktop Processors \u201cRaven Ridge\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Desktop processor with Radeon\u2122 Graphics \u201cCezanne\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cDali\u201d/\u201dDali\u201d ULP",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cPollock\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 2000 Series Mobile Processors \u201cRaven Ridge\u201d FP5",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile processor, 2nd Gen AMD Ryzen\u2122 Mobile Processors with Radeon\u2122 Graphics \u201cPicasso\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics \u201cRenoir\u201d ",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cCezanne\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 6000 Series Mobile Processors \"Rembrandt\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"value": "Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:58:57.236Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
}
],
"source": {
"advisory": "AMD-SB-4001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26365",
"datePublished": "2023-05-09T18:58:57.236Z",
"dateReserved": "2021-01-29T21:24:26.151Z",
"dateUpdated": "2025-01-28T15:47:24.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26346 (GCVE-0-2021-26346)
Vulnerability from cvelistv5 – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
VLAI?
Summary
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AMD | Ryzen 5000 Series |
Affected:
various
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:14:14.715212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:14:19.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen 5000 Series",
"vendor": " AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-01-10T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-11T07:01:59.843Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
}
],
"source": {
"advisory": "AMD-SB-1031",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26346",
"datePublished": "2023-01-10T19:50:24.146Z",
"dateReserved": "2021-01-29T21:24:26.146Z",
"dateUpdated": "2025-04-09T15:14:19.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26392 (GCVE-0-2021-26392)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 20:51
VLAI?
Summary
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122Embedded V3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.\u003c/p\u003e"
}
],
"value": "Insufficient verification of missing size check in \u0027LoadModule\u0027 may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:08.137Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26392",
"datePublished": "2022-11-09T20:44:26.258839Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T20:51:46.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12930 (GCVE-0-2020-12930)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:00
VLAI?
Summary
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:09.393Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12930",
"datePublished": "2022-11-09T20:44:25.791003Z",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-09-17T00:00:30.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26393 (GCVE-0-2021-26393)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-16 21:58
VLAI?
Summary
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 6000 Series \u0026 PRO W6000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded V2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality.\u003c/p\u003e"
}
],
"value": "Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:22:50.269Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26393",
"datePublished": "2022-11-09T20:44:25.517806Z",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-09-16T21:58:26.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12931 (GCVE-0-2020-12931)
Vulnerability from cvelistv5 – Published: 2022-11-09 20:44 – Updated: 2024-09-17 00:56
VLAI?
Summary
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | AMD Radeon RX 5000 Series & PRO W5000 Series |
Affected:
AMD Radeon Software , < 22.5.2
(custom)
Affected: AMD Radeon Pro Software Enterprise , < 22.Q2 (custom) Affected: Enterprise Driver , < 22.10.20 (custom) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AMD Radeon RX 5000 Series \u0026 PRO W5000 Series",
"vendor": "AMD",
"versions": [
{
"lessThan": "22.5.2",
"status": "affected",
"version": "AMD Radeon Software",
"versionType": "custom"
},
{
"lessThan": "22.Q2",
"status": "affected",
"version": "AMD Radeon Pro Software Enterprise",
"versionType": "custom"
},
{
"lessThan": "22.10.20",
"status": "affected",
"version": "Enterprise Driver",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded R2000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen(TM) Embedded V1000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2022-11-08T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity.\u003c/p\u003e"
}
],
"value": "Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of integrity."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T19:20:36.423Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1029"
},
{
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-5001"
}
],
"source": {
"advisory": "AMD-SB-1029, AMD-SB-5001",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12931",
"datePublished": "2022-11-09T20:44:24.974055Z",
"dateReserved": "2020-05-15T00:00:00",
"dateUpdated": "2024-09-17T00:56:08.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}