Search

Find a vulnerability

Search criteria

    42 vulnerabilities found for ryzen_7_5825c_firmware by amd

    CVE-2023-20579 (GCVE-0-2023-20579)

    Vulnerability from nvd – Published: 2024-02-13 19:32 – Updated: 2025-03-14 17:21
    VLAI
    Summary
    Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processor Affected: Various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T15:53:23.792810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:21:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:11.904Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20579",
        "datePublished": "2024-02-13T19:32:11.904Z",
        "dateReserved": "2022-10-27T18:53:39.757Z",
        "dateUpdated": "2025-03-14T17:21:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20559 (GCVE-0-2023-20559)

    Vulnerability from nvd – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43
    VLAI
    Summary
    Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-691 - Insufficient Control Flow Management
    Assigner
    AMD
    References
    Date Public
    2023-03-23 18:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20559",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T16:43:46.344707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-691",
                    "description": "CWE-691 Insufficient Control Flow Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T16:43:49.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-03-23T18:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-02T18:49:20.069Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
            }
          ],
          "source": {
            "advisory": "amd-sb-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20559",
        "datePublished": "2023-03-23T18:49:41.533Z",
        "dateReserved": "2022-10-27T18:53:39.746Z",
        "dateUpdated": "2025-02-25T16:43:49.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20558 (GCVE-0-2023-20558)

    Vulnerability from nvd – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23
    VLAI
    Summary
    Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-670 - Always-Incorrect Control Flow Implementation
    Assigner
    AMD
    References
    Date Public
    2023-03-23 18:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.894Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:20:00.856473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-670",
                    "description": "CWE-670 Always-Incorrect Control Flow Implementation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T19:23:58.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-03-23T18:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-02T18:49:20.069Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
            }
          ],
          "source": {
            "advisory": "amd-sb-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20558",
        "datePublished": "2023-03-23T18:50:11.488Z",
        "dateReserved": "2022-10-27T18:53:39.746Z",
        "dateUpdated": "2025-02-20T19:23:58.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26346 (GCVE-0-2021-26346)

    Vulnerability from nvd – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
    VLAI
    Summary
    Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen 5000 Series Affected: various
    Create a notification for this product.
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:14:14.715212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:14:19.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
                }
              ],
              "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26346",
        "datePublished": "2023-01-10T19:50:24.146Z",
        "dateReserved": "2021-01-29T21:24:26.146Z",
        "dateUpdated": "2025-04-09T15:14:19.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26316 (GCVE-0-2021-26316)

    Vulnerability from nvd – Published: 2023-01-10 19:46 – Updated: 2025-04-09 15:19
    VLAI
    Summary
    Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:18:38.823141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:19:17.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 2000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 3000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
                }
              ],
              "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031, AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26316",
        "datePublished": "2023-01-10T19:46:46.575Z",
        "dateReserved": "2021-01-29T21:24:26.137Z",
        "dateUpdated": "2025-04-09T15:19:17.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23824 (GCVE-0-2022-23824)

    Vulnerability from nvd – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "FEDORA-2022-9f51d13fa3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
              },
              {
                "name": "FEDORA-2022-53a4a5dd11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
              },
              {
                "name": "DSA-5378",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5378"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-17T01:23:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "FEDORA-2022-9f51d13fa3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
            },
            {
              "name": "FEDORA-2022-53a4a5dd11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
            },
            {
              "name": "DSA-5378",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5378"
            },
            {
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23824",
        "datePublished": "2022-11-09T20:48:06.826Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:23.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46778 (GCVE-0-2021-46778)

    Vulnerability from nvd – Published: 2022-08-09 20:20 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-09T20:20:12.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-08-09T16:00:00.000Z",
              "ID": "CVE-2021-46778",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "Some AMD Processors"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46778",
        "datePublished": "2022-08-09T20:20:12.911Z",
        "dateReserved": "2022-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26384 (GCVE-0-2021-26384)

    Vulnerability from nvd – Published: 2022-07-14 19:28 – Updated: 2024-09-16 23:15
    VLAI
    Summary
    A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-14T19:28:56.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26384",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26384",
        "datePublished": "2022-07-14T19:28:56.918Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:36.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26382 (GCVE-0-2021-26382)

    Vulnerability from nvd – Published: 2022-07-14 19:28 – Updated: 2024-09-16 22:29
    VLAI
    Summary
    An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-14T19:28:30.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26382",
        "datePublished": "2022-07-14T19:28:30.676Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:29:40.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23823 (GCVE-0-2022-23823)

    Vulnerability from nvd – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
    VLAI
    Summary
    A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T19:13:04.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
              "ID": "CVE-2022-23823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23823",
        "datePublished": "2022-06-15T19:13:04.771Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:08.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26386 (GCVE-0-2021-26386)

    Vulnerability from nvd – Published: 2022-05-12 18:28 – Updated: 2024-09-16 17:53
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:28:38.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26386",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26386",
        "datePublished": "2022-05-12T18:28:38.025Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:53:15.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26368 (GCVE-0-2021-26368)

    Vulnerability from nvd – Published: 2022-05-12 18:22 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:22:27.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26368",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26368",
        "datePublished": "2022-05-12T18:22:27.719Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:04.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26363 (GCVE-0-2021-26363)

    Vulnerability from nvd – Published: 2022-05-12 18:39 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:39:33.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26363",
        "datePublished": "2022-05-12T18:39:33.159Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:07.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26317 (GCVE-0-2021-26317)

    Vulnerability from nvd – Published: 2022-05-12 18:27 – Updated: 2024-09-17 01:10
    VLAI
    Summary
    Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:27:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26317",
        "datePublished": "2022-05-12T18:27:48.589Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:10:36.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26369 (GCVE-0-2021-26369)

    Vulnerability from nvd – Published: 2022-05-12 17:07 – Updated: 2024-09-16 19:51
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:07:32.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26369",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26369",
        "datePublished": "2022-05-12T17:07:32.274Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:13.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26366 (GCVE-0-2021-26366)

    Vulnerability from nvd – Published: 2022-05-12 17:09 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T17:09:29.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26366",
        "datePublished": "2022-05-12T17:09:29.825Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:13.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20579 (GCVE-0-2023-20579)

    Vulnerability from cvelistv5 – Published: 2024-02-13 19:32 – Updated: 2025-03-14 17:21
    VLAI
    Summary
    Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7000 Series Desktop Processor Affected: Various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7045 Series Mobile Processors Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V2000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ Embedded V3000 Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 7035 Series Mobile Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    AMD AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics Affected: various
    Create a notification for this product.
    Date Public
    2024-02-13 17:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-14T15:53:23.792810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T17:21:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Desktop Processor with Radeon\u2122 Graphics  ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7000 Series Desktop Processor ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7045 Series Mobile Processors ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V2000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "PI",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 Embedded V3000",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 7035 Series Mobile Processors with Radeon\u2122 Graphics ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "AMD Ryzen\u2122 3000 Series Processors with Radeon\u2122 Graphics",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2024-02-13T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "Improper\nAccess Control in the AMD SPI protection feature may allow a user with Ring0\n(kernel mode) privileged access to bypass protections potentially resulting in\nloss of integrity and availability.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-13T19:32:11.904Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7009"
            }
          ],
          "source": {
            "advisory": "AMD-SB-7009",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20579",
        "datePublished": "2024-02-13T19:32:11.904Z",
        "dateReserved": "2022-10-27T18:53:39.757Z",
        "dateUpdated": "2025-03-14T17:21:09.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20558 (GCVE-0-2023-20558)

    Vulnerability from cvelistv5 – Published: 2023-03-23 18:50 – Updated: 2025-02-20 19:23
    VLAI
    Summary
    Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-670 - Always-Incorrect Control Flow Implementation
    Assigner
    AMD
    References
    Date Public
    2023-03-23 18:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.894Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:20:00.856473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-670",
                    "description": "CWE-670 Always-Incorrect Control Flow Implementation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T19:23:58.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-03-23T18:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-02T18:49:20.069Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
            }
          ],
          "source": {
            "advisory": "amd-sb-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20558",
        "datePublished": "2023-03-23T18:50:11.488Z",
        "dateReserved": "2022-10-27T18:53:39.746Z",
        "dateUpdated": "2025-02-20T19:23:58.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20559 (GCVE-0-2023-20559)

    Vulnerability from cvelistv5 – Published: 2023-03-23 18:49 – Updated: 2025-02-25 16:43
    VLAI
    Summary
    Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-691 - Insufficient Control Flow Management
    Assigner
    AMD
    References
    Date Public
    2023-03-23 18:33
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20559",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T16:43:46.344707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-691",
                    "description": "CWE-691 Insufficient Control Flow Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T16:43:49.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 2000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 3000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 4000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen\u2122 5000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen AMD Ryzen\u2122 Threadripper\u2122 Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "x86"
              ],
              "product": " Ryzen\u2122 Threadripper\u2122 PRO Processor",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2023-03-23T18:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003e\n\n\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "\n\n\nInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.\n\n\n\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-02T18:49:20.069Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
            }
          ],
          "source": {
            "advisory": "amd-sb-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2023-20559",
        "datePublished": "2023-03-23T18:49:41.533Z",
        "dateReserved": "2022-10-27T18:53:39.746Z",
        "dateUpdated": "2025-02-25T16:43:49.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26346 (GCVE-0-2021-26346)

    Vulnerability from cvelistv5 – Published: 2023-01-10 19:50 – Updated: 2025-04-09 15:14
    VLAI
    Summary
    Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD Ryzen 5000 Series Affected: various
    Create a notification for this product.
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:14:14.715212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:14:19.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
                }
              ],
              "value": "Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26346",
        "datePublished": "2023-01-10T19:50:24.146Z",
        "dateReserved": "2021-01-29T21:24:26.146Z",
        "dateUpdated": "2025-04-09T15:14:19.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26316 (GCVE-0-2021-26316)

    Vulnerability from cvelistv5 – Published: 2023-01-10 19:46 – Updated: 2025-04-09 15:19
    VLAI
    Summary
    Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-20 - Improper Input Validation
    Assigner
    AMD
    Date Public
    2023-01-10 17:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-26316",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:18:38.823141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:19:17.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 5000 Series ",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 2000 Series",
              "vendor": " AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "Ryzen 3000 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA ",
              "platforms": [
                "x86"
              ],
              "product": "1st Gen EPYC ",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "2nd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Various "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "AGESA",
              "platforms": [
                "x86"
              ],
              "product": "3rd Gen EPYC",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various "
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T17:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
                }
              ],
              "value": "Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-11T07:01:59.843Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1031, AMD-SB-1032",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26316",
        "datePublished": "2023-01-10T19:46:46.575Z",
        "dateReserved": "2021-01-29T21:24:26.137Z",
        "dateUpdated": "2025-04-09T15:19:17.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23824 (GCVE-0-2022-23824)

    Vulnerability from cvelistv5 – Published: 2022-11-09 20:48 – Updated: 2025-02-13 16:32
    VLAI
    Summary
    IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-11-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
              },
              {
                "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
              },
              {
                "name": "FEDORA-2022-9f51d13fa3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
              },
              {
                "name": "FEDORA-2022-53a4a5dd11",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
              },
              {
                "name": "DSA-5378",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5378"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202402-07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-17T01:23:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040"
            },
            {
              "name": "[oss-security] 20221110 Xen Security Advisory 422 v2 (CVE-2022-23824) - x86: Multiple speculative security issues",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/11/10/2"
            },
            {
              "name": "FEDORA-2022-9f51d13fa3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"
            },
            {
              "name": "FEDORA-2022-53a4a5dd11",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTQMPJC5N6XJYQ232OZFLK47HVZNRBY3/"
            },
            {
              "name": "DSA-5378",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5378"
            },
            {
              "url": "https://security.gentoo.org/glsa/202402-07"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23824",
        "datePublished": "2022-11-09T20:48:06.826Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:32:23.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46778 (GCVE-0-2021-46778)

    Vulnerability from cvelistv5 – Published: 2022-08-09 20:20 – Updated: 2024-09-17 00:36
    VLAI
    Summary
    Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor Some AMD Processors
    Create a notification for this product.
    Date Public
    2022-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T05:17:42.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  Some AMD Processors"
                }
              ]
            }
          ],
          "datePublic": "2022-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-09T20:20:12.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-08-09T16:00:00.000Z",
              "ID": "CVE-2021-46778",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "Some AMD Processors"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed \u201cZen 1\u201d, \u201cZen 2\u201d and \u201cZen 3\u201d that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-46778",
        "datePublished": "2022-08-09T20:20:12.911Z",
        "dateReserved": "2022-03-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:36:13.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26384 (GCVE-0-2021-26384)

    Vulnerability from cvelistv5 – Published: 2022-07-14 19:28 – Updated: 2024-09-16 23:15
    VLAI
    Summary
    A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-14T19:28:56.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26384",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26384",
        "datePublished": "2022-07-14T19:28:56.918Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:36.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26382 (GCVE-0-2021-26382)

    Vulnerability from cvelistv5 – Published: 2022-07-14 19:28 – Updated: 2024-09-16 22:29
    VLAI
    Summary
    An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.544Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-14T19:28:30.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26382",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26382",
        "datePublished": "2022-07-14T19:28:30.676Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:29:40.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23823 (GCVE-0-2022-23823)

    Vulnerability from cvelistv5 – Published: 2022-06-15 19:13 – Updated: 2024-09-17 03:59
    VLAI
    Summary
    A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.
    Severity
    No CVSS data available.
    CWE
    • NA
    Assigner
    AMD
    References
    Impacted products
    Vendor Product Version
    AMD AMD Processors Affected: Processor various
    Create a notification for this product.
    Date Public
    2022-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:51:46.073Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AMD Processors",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "Processor  various"
                }
              ]
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "NA",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T19:13:04.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-06-14T20:30:00.000Z",
              "ID": "CVE-2022-23823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AMD Processors",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_name": "Processor",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "NA"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2022-23823",
        "datePublished": "2022-06-15T19:13:04.771Z",
        "dateReserved": "2022-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:59:08.119Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26363 (GCVE-0-2021-26363)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:39 – Updated: 2024-09-17 02:21
    VLAI
    Summary
    A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:24.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:39:33.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26363",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26363",
        "datePublished": "2022-05-12T18:39:33.159Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:21:07.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26386 (GCVE-0-2021-26386)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:28 – Updated: 2024-09-16 17:53
    VLAI
    Summary
    A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:28:38.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26386",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26386",
        "datePublished": "2022-05-12T18:28:38.025Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:53:15.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26317 (GCVE-0-2021-26317)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:27 – Updated: 2024-09-17 01:10
    VLAI
    Summary
    Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:19:20.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:27:48.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26317",
        "datePublished": "2022-05-12T18:27:48.589Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:10:36.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26368 (GCVE-0-2021-26368)

    Vulnerability from cvelistv5 – Published: 2022-05-12 18:22 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.
    Severity
    No CVSS data available.
    CWE
    • tbd
    Assigner
    AMD
    References
    Impacted products
    Date Public
    2022-05-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:26:25.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Ryzen\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            },
            {
              "product": "Athlon\u2122 Series",
              "vendor": "AMD",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2022-05-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "tbd",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T18:22:27.000Z",
            "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
            "shortName": "AMD"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
            }
          ],
          "source": {
            "advisory": "AMD-SB-1027",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@amd.com",
              "DATE_PUBLIC": "2022-05-10T20:00:00.000Z",
              "ID": "CVE-2021-26368",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Ryzen\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Athlon\u2122 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "AMD"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "tbd"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027",
                  "refsource": "MISC",
                  "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1027"
                }
              ]
            },
            "source": {
              "advisory": "AMD-SB-1027",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "assignerShortName": "AMD",
        "cveId": "CVE-2021-26368",
        "datePublished": "2022-05-12T18:22:27.719Z",
        "dateReserved": "2021-01-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:04.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }