Search
Find a vulnerability
Search criteria
4 vulnerabilities found for ryzen_9_3950xt_firmware by amd
CVE-2021-46774 (GCVE-0-2021-46774)
Vulnerability from nvd – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
VLAI
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:52.542045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:31:43.449Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46774",
"datePublished": "2023-11-14T18:52:11.012Z",
"dateReserved": "2022-03-31T16:50:27.874Z",
"dateUpdated": "2024-10-11T18:07:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26356 (GCVE-0-2021-26356)
Vulnerability from nvd – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:48
VLAI
Summary
A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 |
Affected:
various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2023-05-09 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:48:34.459184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:48:38.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:58:48.108Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
}
],
"source": {
"advisory": "AMD-SB-4001, AMD-SB-3001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26356",
"datePublished": "2023-05-09T18:58:48.108Z",
"dateReserved": "2021-01-29T21:24:26.149Z",
"dateUpdated": "2025-01-28T15:48:38.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46774 (GCVE-0-2021-46774)
Vulnerability from cvelistv5 – Published: 2023-11-14 18:52 – Updated: 2024-10-11 18:07
VLAI
Summary
Insufficient DRAM address validation in System
Management Unit (SMU) may allow an attacker to read/write from/to an invalid
DRAM address, potentially resulting in denial-of-service.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 series Desktop Processors “Matisse" |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 4th Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 3000 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7002 |
Affected:
various
|
|
| AMD | AMD EPYC™ Embedded 7003 |
Affected:
various
|
|
| AMD | AMD Ryzen™ Embedded 5000 |
Affected:
various
|
Date Public
2023-11-14 17:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:52.542045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 series Desktop Processors \u201cMatisse\"",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Series Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "PI",
"platforms": [
"x86"
],
"product": "4th Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD Ryzen\u2122 Embedded 5000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7002",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 3000",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AMD EPYC\u2122 Embedded 7003",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient DRAM address validation in System\nManagement Unit (SMU) may allow an attacker to read/write from/to an invalid\nDRAM address, potentially resulting in denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:31:43.449Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001"
}
],
"source": {
"advisory": "AMD-SB-4002, AMD-SB-3002, AMD-SB-5001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46774",
"datePublished": "2023-11-14T18:52:11.012Z",
"dateReserved": "2022-03-31T16:50:27.874Z",
"dateUpdated": "2024-10-11T18:07:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26356 (GCVE-0-2021-26356)
Vulnerability from cvelistv5 – Published: 2023-05-09 18:58 – Updated: 2025-01-28 15:48
VLAI
Summary
A TOCTOU in ASP bootloader may allow an attacker
to tamper with the SPI ROM following data read to memory potentially resulting
in S3 data corruption and information disclosure.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
| https://www.amd.com/en/corporate/product-security… | vendor-advisory |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AMD | Ryzen™ 3000 Series Desktop Processors “Matisse” AM4 |
Affected:
various
|
|
| AMD | AMD Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4 |
Affected:
various
|
|
| AMD | 3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS |
Affected:
various
|
|
| AMD | Ryzen™ Threadripper™ PRO Processors “Chagall” WS |
Affected:
various
|
|
| AMD | 1st Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 2nd Gen AMD EPYC™ Processors |
Affected:
various
|
|
| AMD | 3rd Gen AMD EPYC™ Processors |
Affected:
various
|
Date Public
2023-05-09 16:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:24.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-26356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T15:48:34.459184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:48:38.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors \u201cVermeer\u201d AM4",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cChagall\u201d WS",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "1st Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "2nd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AGESA",
"platforms": [
"x86"
],
"product": "3rd Gen AMD EPYC\u2122 Processors",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various "
}
]
}
],
"datePublic": "2023-05-09T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n"
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T18:58:48.108Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3001"
}
],
"source": {
"advisory": "AMD-SB-4001, AMD-SB-3001",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-26356",
"datePublished": "2023-05-09T18:58:48.108Z",
"dateReserved": "2021-01-29T21:24:26.149Z",
"dateUpdated": "2025-01-28T15:48:38.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}